Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
UNCLASSIFIED
Cherry Bomb Program Cherry Blossom Internal Test Procedures
4.2.13 Copy All Test
Description: Tests the Copy All feature of the Flytrap.
Setup: plan/assign a Mission with “Global Traffic Action” = “Copy All” with a 5
minute timeout. Set other parameters as in 4.2.1.
Run: from the Client Computer and the Second Client Computer, continuously
ping an internet address (e.g., ping google.com) indefinitely, and surf the internet
for at least 5 minutes.
Pass/Fail: the test passes if the Client Computer’s and the Second Client
Computer’s network traffic are copied for 5 minutes. Using CherryWeb, go to the
Flytrap Details page for your Flytrap, and under the “Collected Data” header,
click the Copy Data “View” link. Then select the appropriate copy data file for the
Copy All timeframe. Verify time and content of capture. A decent way to verify
content is, in Wireshark, to sort the packets by type, and look at the DNS packets
– they should match the surf history. To verify timeout, in Wireshark, scroll to the
last packet and check the time it should be 5 minutes +/- 10 seconds (due to
caching and periodic bursting of copy data from ulogd). Also verify packets from
both Client Computer and the Second Client Computer (sort packets via MAC
address).
4.2.14 Harvest Test
Description: Tests the Email and Chat Harvest feature of the Flytrap.
Setup: plan/assign a Mission with “Harvest Email & Chat” = “Yes”. Set other
parameters as in 4.2.1.
Run: from the Client Computer and the Second Client Computer, generate
network traffic with email addresses and chat addresses (that are not already
Targets in the Flytrap’s executing Mission). At the next Flytrap Beacon event, on
CherryWeb, check the View->Harvest Data page (sort by Flytrap and page to
entries for your Flytrap).
Pass/Fail: the test passes if the CherryWeb displays the harvested emails and
chats that you generated. Note that harvest data is sent with each beacon, so
you may have to wait for the next beacon to see a harvested email/chat.
4.2.15 Flytrap Kill Test
Description: Tests the Flytrap Kill feature of the Flytrap.
Setup: assign a Flytrap Kill (using CherryWeb, Assign -> Flytrap Kill and select
your Flytrap name) to your Flytrap.
UNCLASSIFIED
30