Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
UNCLASSIFIED
Cherry Bomb Program Cherry Blossom Internal Test Procedures
4.2.36 W Alert Test
Description: Tests that the Flytrap properly sends a W Alert.
Setup: plan/assign a Mission to a Flytrap with abc@def.com as a Target with a
Redirect Action type of Double IFrame and set the Redirect URL to slashdot.org.
Set other parameters as in 4.2.1).
Run: from the Client Computer, generate an Alert for abc@def.com (perform a
Google search for abc@def.com). Then go to a root web page (e.g.,
madonnainn.com). The client’s computer should have an embedded Double
IFrame to the redirected URL (verify with wireshark). Verify on CW (View->W
Alerts) that a Windex Alert occurs with correct info.
Pass/Fail: the test passes if CW shows a corresponding W Alert with correct
info.
4.2.37 Application Execution Test
Description: Tests that the Flytrap properly executes an “uploaded” application.
Setup: Upload a shelld (or similar application) Mission File built for the Flytrap
make/model/hw version/fw version (on CW, Plan->Flytrap Applications->Mission
File). Create an “Execute Command” for this application (on CW, Plan->Flytrap
Applications->Execute Command) – for example, to have shelld run on port
12345, use “<shelld_name> -p 12345”. Build a Mission that includes this Mission
File and this Execute Command. Assign this Mission to the Flytrap.
Run: have the Flytrap beacon and receive the Mission. From the Client
Computer, open a console and telnet (in the case of shelld) to the Flytrap
(e.g., “telnet 192.168.1.1 12345”).
Pass/Fail: the test passes if the Client Computer can successfully telnet to
the Flytrap.
4.2.38 Inhibit FW Version String Test
Description: Tests that the Flytrap properly shows a modified fw version string.
Setup: Flytrap must have a firmware that supports inhibit. Assign a Mission with
a fw version string for the Flytrap device type.
Run: have the Flytrap beacon and receive the Mission. From the Client
Computer, browse to the Flytrap’s configuration web page. Verify the web
page displays the correct FW version string.
Pass/Fail: the test passes if the Flytrap shows the correct fw version string on
its configuration web page.
UNCLASSIFIED
40