Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//20350112
Cherry Bomb Program Cherry Blossom System Requirements Specification Document
1 (U) Introduction
(U) This document specifies the requirements for the Cherry Blossom (CBlossom) project of the
Cherry Bomb (CBomb) program for the contract year 2011-2012.
(S) The focus of CBlossom is to develop implanted firmware for wireless networking devices,
including wireless access points (APs) and routers. An implanted device can then be used to
monitor the internet activity of and deliver software exploits to targets of interest. It should be
noted, however, that the CBlossom architecture does not limit itself to wireless devices – in
general, wired network devices could be implanted/compromised in the same fashion to achieve
the same goals.
(U) This document is for CBlossom version 5.0. CBlossom version 5.0 will include new releases
of the CBlossom Flytrap and Cherry Tree products, each being referred to as version 5.0.
CBlossom version 5.0 will be derived from the last FAT tested versions of the CBlossom Flytrap
and Cherry Tree products (see the Cherry Bomb Configuration Management Plan [CDRL 2] for
detailed info on Cherry Bomb products and product versions).
(U) This document should be used in conjunction with Cherry Blossom: Requirements
Verification Traceability Matrix [CDRL 11], which shall be updated to reflect the additional
requirements described herein.
SECRET//20350112
4