Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET // 20350112
Cherry Bomb Program Cherry Blossom Requirements Verification Traceability Matrix
1 (U) Introduction
(S) This document establishes the Requirements Verification Traceability Matrix (RVTM) for
the Cherry Blossom (CBlossom) project of the Cherry Bomb (CBomb) program. The RVTM is
used to connect and trace system requirements to system design and test procedures. System
requirements are documented in Cherry Blossom System Requirements Specification Document
[CDRL 10] and test procedures are documented in Cherry Blossom FAT Procedures [CDRL 14],
Cherry Blossom Cherry Tree Upgrade Test Procedures [CDRL 14b], and Cherry Blossom
Internal Test Procedures [CDRL 14c].
(S) The focus of Cherry Blossom is to develop implanted firmware for wireless networking
devices, including wireless access points (APs) and routers. An implanted device can then be
used to monitor the internet activity of and deliver software exploits to targets of interest. It
should be noted, however, that the Cherry Blossom architecture does not limit itself to wireless
devices – in general, wired network devices could be implanted/compromised in the same
fashion to achieve the same goals.
(U) This document is for CBlossom version 5.0. CBlossom version 5.0 will include new releases
of the CBlossom Flytrap and Cherry Tree products, each being referred to as version 5.0.
CBlossom version 5.0 will be derived from the last FAT tested versions of the CBlossom Flytrap
and Cherry Tree products (see the Cherry Bomb Configuration Management Plan [CDRL 2] for
detailed info on Cherry Bomb products and product versions). CBlossom version 5.0 has two
‘enhancements’ stages: enhancements 1 (referred to as E1) will undergo FAT in the May 2012
timeframe; enhancements 2 (referred to as E2) will undergo FAT in the August 2012 timeframe.
SECRET // 20350112
4