Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//20350112
5.2.3.1 (S) Encrypted/Authenticated/Covert Communication through PoP
(S) All communication between a Flytrap and the CT, excluding Copy data, is encrypted
and authenticated. A covert communication technique is used as well. Section 15.1
details the encryption/authentication/covert communication method.
(U) All communication between a Flytrap and the CT is done through a PoP.
5.2.3.2 (U) Communications Can Transit a Squid Proxy Server in Default Configuration
(U) CB communications, including Beacons, Alerts, and Copy data, can transit a Squid
proxy server in default configuration.
5.2.3.3 (U) Beacon
(U) A Flytrap will periodically send a Beacon to report status and security settings, and to
get Mission tasking. Sections 15.1.2 and 15.1.3 list the status information and security
settings included in a Beacon, respectively.
(U) Beacon logic includes a retry mechanism and a “traffic requirement” mechanism to
send only in the midst of other background network traffic and only if the Flytrap has
internet connectivity. Section 15.2 discusses Beacon logic in more detail.
5.2.3.4 (U) Mission Tasking
(S) When a Flytrap sends a Beacon, the CT responds by tasking the Flytrap with a
Mission. Upon receipt of a Mission, a Flytrap will begin Mission execution, typically
configuring the necessary implant modules on the Flytrap and running the necessary
applications.
5.2.3.4.1 (U) Hashed Target List
(S) The Mission includes a hashed list of email, chat, and MAC address Targets. Hashes
are computed using the MD5 one-way hashing algorithm. Note that the hashed Target list
is stored only in volatile RAM (and is not persisted in non-volatile RAM).
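For an analyst who has recovered such a hashed list from a device's memory, one way to check it against an organization's own asset inventory is shown here as an added example that is not part of the original document. The page does not state how identifiers are formatted before hashing, so the UTF-8 encoding and the formatting variants tried are assumptions, and the sample values are constructed.

```python
import hashlib
import string

def md5_hex(text: str) -> str:
    """MD5 is the algorithm the document names; UTF-8 input is an assumption."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def mac_variants(mac: str):
    """Yield common textual forms of one MAC address (all assumed formats)."""
    digits = "".join(c for c in mac if c in string.hexdigits)
    if len(digits) != 12:
        return  # not a 48-bit MAC; skip rather than guess
    for d in (digits.lower(), digits.upper()):
        pairs = [d[i:i + 2] for i in range(0, 12, 2)]
        yield from (d, ":".join(pairs), "-".join(pairs))

def text_variants(identifier: str):
    """Email or chat handle: trimmed, and trimmed plus lower-cased."""
    trimmed = identifier.strip()
    yield from (trimmed, trimmed.lower())

def match_inventory(recovered_hashes, macs=(), identifiers=()):
    """Map each recovered hash that matches to (inventory entry, matching form)."""
    wanted = {h.strip().lower() for h in recovered_hashes}
    hits = {}
    for items, variants in ((macs, mac_variants), (identifiers, text_variants)):
        for item in items:
            for form in variants(item):
                digest = md5_hex(form)
                if digest in wanted:
                    hits[digest] = (item, form)
    return hits

if __name__ == "__main__":
    # Constructed sample: two hashes of inventory entries plus one unknown hash.
    recovered = [md5_hex("00:11:22:aa:bb:cc"), md5_hex("alice@example.org"), "0" * 32]
    hits = match_inventory(
        recovered,
        macs=["00-11-22-AA-BB-CC", "de:ad:be:ef:00:01"],
        identifiers=["Alice@Example.org ", "bob@example.org"],
    )
    for digest, (entry, form) in hits.items():
        print(f"{digest}  inventory entry {entry!r} matched as {form!r}")
    print(f"{len(recovered) - len(hits)} recovered hash(es) unmatched")
```

An unmatched hash only means that none of the tried forms of any inventory entry produced it.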
5.2.3.4.2 (U) Target Action Configuration
(S) The Mission includes a list of Target Actions to take upon detection of a Target.
Target Actions are discussed in more detail in 5.2.3.9.
5.2.3.4.3 (U) Mission Support Parameters
(U) The Mission includes a number of support parameters, including configuration data
for sending the next Beacon. Mission support parameters are detailed in Section 9.11.
5.2.3.4.4 (U) PoP List
(U) The Mission includes a list of PoPs that are used to relay communications between
the Flytrap and the CherryTree. If a communication fails, the Flytrap will retry the
communication, each time using the next PoP on the list. See 15.2 for more information
on Beacon retry logic.