Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
UNCLASSIFIED
Cherry Bomb Program Cherry Blossom Internal Test Procedures
Setup: plan a Mission with the same parameters as 4.2.1, adding the MAC
address of the interface (wireless card or Ethernet card) by which you are
connecting Client Computer to the Flytrap. Have the Flytrap beacon and receive
the Mission.
Run: generate some internet traffic from the Client Computer and verify timely
alerting of the MAC Target on CherryWeb.
Pass/Fail: the test passes if the Client Computer network activity results in a
timely alert at CherryWeb (View->Alerts), and all of the Alert information
displayed on CherryWeb is correct.
4.2.3 Beacon Status and Security Settings Test
Description: Tests that beacon contains correct status and security settings for
the Flytrap.
Setup: have a Flytrap beacon. Alter the security settings of the Flytrap. Have the
Flytrap beacon again.
Run: go to the CherryWeb Flytrap Details (View->Flytrap->Click on your Flytrap
Name link) page for your Flytrap and examine the Status and Security History
tables.
Pass/Fail: the test passes if the Flytrap Details page displays the correct status
and security settings for the Flytrap.
NOTE: a more exhaustive evaluation of Flytrap status and security settings is
done during the platform expansion phase of each particular device. See the
<CB>/Test/BeaconSettingsChecklist.xls.
4.2.4 Alert Caching Test
Description: Tests caching of alerts by the Flytrap if an Alert cannot be sent to
the CherryTree.
Setup: generate an Alert in a situation where the Flytrap cannot connect to the
CherryTree. Either shutdown the CherryTree before the Alert is generated, or
use a setup like 4.1.2, where the Client Computer can connect to the Server
Computer and generate an Alert (e.g., the Server Computer has a webpage with
a Target email), but cannot connect to the internet.
Run: from the Client Computer, generate an Alert, and wait 5 minutes. Connect
the Flytrap to the internet, and verify the cached Alert is received via CherryWeb.
Pass/Fail: the test passes if the cached Alert is received shortly after connecting
the Flytrap to the internet, and the Alert’s “Actual Time” and “Received Time” are
UNCLASSIFIED
25