Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//20350112
applications, etc. When the Flytrap detects a Target, it will send an Alert to the CT and
commence any actions/exploits against the Target. The CT logs Alerts to a database, and,
potentially distributes Alert information to interested parties (via Catapult).
4.2 (U) Definitions
(U) Listed are definitions of system components and common terminology used
throughout this document:
• (U) Claymore – (S) a survey, collection, and implant tool used to determine wireless
device make, model, and version and to implant supported devices with CB firmware.
• (U) Flytrap – (S) a wireless access point (AP), router, or other device that has been
implanted with CB firmware. Flytraps execute Missions to detect and exploit Targets.
• (U) CherryTree (CT) – (S) command and control server that manages:
o Handling and storage of Flytrap Missions and Mission-related data
o Handling and storage of Flytrap status
o Handling, storage, and further distribution of Flytrap Alerts
• (U) CherryWeb (CW) – (S) browser-based user interface that allows operators to
view system status, configure the system, view target activity, and plan/assign
Missions.
• (U) Point of Presence (PoP) – (S) a sponsor-maintained relay that forwards
communication between a Flytrap and the CherryTree.
• (U) User – (S) an operator of the CB system. Users can, for example, log into CW,
plan and assign Missions, view system status, etc.
• (U) Target – (S) a computer/person that should be monitored and at which exploits
should be targeted. Flytraps use MAC address, email address, chat username, or VoIP
number to detect/identify Targets.
• (U) Target Deck – (S) a grouping of related Targets.
• (U) Mission – (S) tasking given to a Flytrap in response to a Beacon.
• (U) Operation (formerly Customer) – (S) an entity around which CB system data is
organized and to which this data is reported. CB Users can compartmentalize system
data according to Operation.
• (U) Beacon – (S) a periodic communication between a Flytrap and the CT, where the
Flytrap indicates its status, security info, etc. to the CT. In response to a Beacon, the
CT sends the Flytrap a Mission.
• (U) Alert – (S) a communication sent from a Flytrap to the CT when the Flytrap has
detected Target activity
• (U) One-way Transfer (OWT) – (S) a process of packaging and moving CB system
data to a secure computer. An OWT report is typically organized around an
Operation.
• (U) Flash – (noun) non-volatile RAM where the system image and persistent
configuration data is typically stored on a wireless networking device
• (U) Flash/Reflash – (verb) the process of upgrading a device with a new firmware
image.
10
SECRET//20350112