Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
UNCLASSIFIED
Cherry Bomb Program Cherry Blossom FAT Procedures
3.21 Test 21: CB v5.0 Target Deck Persistent Actions
3.21.1 Description
This test verifies the Target Deck with Persistent Actions requirement.
3.21.2 Test Setup
IMPORTANT: squid must be disabled for this test (due to VPN Link).
3.21.3 Test Procedure
Step 1
Execute Action: (Cherry Tree Tester) On the Cherry Web menu pane, navigate to “Plan->Target Decks” page. Create a Target Deck containing email Targets abc2@def.com, abc3@def.com, and abc4@def.com. Assign no Actions to these Targets. Navigate to the “Plan->Missions” page and create a Mission with a short (60 second) beacon period and no traffic requirement. Add the Target Deck to the Mission, and assign it to the Flytrap.
Expected Results: (CherryTree Tester) Navigate to “View->Missions” and verify that the Targets appear with no Actions. Verify Flytrap has received new Mission at expected time (“Flytrap Details” page will report “Current Mission” as the one just assigned).
Req: CB v5.0 4.1.4

Step 2
Execute Action: (Flytrap Tester) Generate an email Alert for abc2@def.com, abc3@def.com and abc4@def.com (using Google or Yahoo search page).
Expected Results: (CherryTree Tester) Verify Email Alerts are received (ticker at bottom of page should light up and View->Alerts page should show new entries with correct info).
Req: CB v5.0 4.1.4

Step 3
Execute Action: (Cherry Tree Tester) On the Cherry Web menu pane, navigate to “Plan->Target Decks” page. Edit the Target Deck from Step 1, adding a Copy Action with 1 minute timeout for abc2@def.com, a W Action for abc3@def.com, and a VPN Link Action with 10 minute timeout for abc4@def.com (ensure VPN Server address is correct).
Expected Results: (CherryTree Tester) Navigate to “View->Missions” and verify that the Targets appear with the correct Actions. Verify Flytrap has received new Mission (editing the Target Deck will create a new Mission revision and auto-assign it to the Flytrap) at expected time (“Flytrap Details” page will report “Current Mission” as the one just assigned).
Req: CB v5.0 4.1.4

Step 4
Execute Action: (Flytrap Tester) Generate an Alert for abc2@def.com and surf some random websites for >1 minute.
Expected Results: (CherryTree Tester) Verify existence, size, and timestamps of Copy data (View->Alerts and click on the “download” link under the “Copy Data” column for the Alert just received). Download the copy file and open with Wireshark (may not be installed on Terminal) or binary editor (look for DNS entries matching sites surfed to).
Req: CB v5.0 4.1.4