Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//20350112
9.26 (U) Viewing Windex Alerts
(S) To view alerts related to Windex (browser redirect) actions, click the “View ->
Windex Alert” link (see Figure 50).
Figure 50: Cherry Web View -> Windex Alerts Page
(S) The table lists Windex alert info, including Target identifier, time of the event, status,
Windex Session ID, Flytrap, client MAC and IP, and the URL the client originally
requested. Windex Status has the following types:
• Pending indicates that the Target has been detected, but has not yet gone to a root
web page to initiate the browser redirect
• Redirected indicates that the Target’s browser has been redirected
• Active indicates that Windex has an Active session with the redirected client
• Success indicates that Windex has successfully exploited the client
• Failure indicates that Windex was not able to exploit the client
• Unknown indicates that the current status is unknown (e.g., the CT could not
contact the Windex server for a status update)
(S) Windex Session ID can be used on a Windex Server to fetch more detailed
information about the Windex exploitation event (in particular if a failure occurs).
102
SECRET//20350112
View ->
Windex Alerts