Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

UNCLASSIFIED
Cherry Bomb Program Cherry Blossom FAT Procedures
successful Beacon, and disconnect the
hub again. Repeat 3 times to be
certain that the Flytrap is only
Beaconing to the PoP IP address and
not the PoP URL (i.e. wireshark shows
no DNS lookups of the PoP URL).
4 (Flytrap Tester) Reconnect the hub’s
internet port and verify Flytrap internet
connectivity from the Target laptop.
(Flytrap Tester) Target laptop
has internet connectivity.
CB v5.0
4.1.1
4.2.1
5 (Cherry Tree Tester) Assign a Mission
where the built-in PoP addresses are
to be included (i.e., “Use Firmware
Default PoP(s) in Mission” field of the
“Mission Workflow Step 8: PoP(s)” is
“Yes”) and no other PoP addresses
are specified in the Mission. Set
beacon fast and slow retries to 10
seconds.
(CherryTree Tester) Verify
Flytrap has received new
Mission at expected time
(“Flytrap Details” page will
report “Current Mission” as
the one just assigned).
CB v5.0
4.1.1
4.2.1
6 (Flytrap Tester) Once the Cherry Tree
Tester has verified Flytrap receipt of
the new Mission, disconnect the hub’s
internet port.
(Flytrap Tester) Flytrap no
longer has internet
connectivity.
CB v5.0
4.1.1
4.2.1
7 (Flytrap Tester) Start wireshark on the
squid laptop and verify that the Flytrap
attempts to beacon to the IP address
built-in to the Flytrap firmware.
(Flytrap Tester) Wireshark
should show beacon attempts
to the test PoP IP address
and DNS lookups of the test
PoP URL.
CB v5.0
4.1.1
4.2.1
3.16.4 Test Cleanup
No additional cleanup required.
3.16.5 Pass/Fail Criterion
See “Expected Results” in table.
3.16.6 Regression Tests
None.
UNCLASSIFIED
42

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh