Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//20350112
(S) The “View->Flytraps” page has a “VPN Link” column that indicates the status of a
VPN Link to that Flytrap. A green “Up” indicates that a VPN Link is open. The Flytrap
Details page indicates the IP Address to use to connect to the Flytrap over the VPN Link.
This address can be used to run discovery/intrusion/exploitation tools against clients on
the Flytrap’s LAN/WLAN. A red “Down” indicates that the VPN Link is down (from a
timeout). A yellow “Up?” indicates that the VPN Link should be up based on the Mission
settings, but the Flytrap hasn’t beaconed when it was expected to – this could indicate
that the Flytrap is no longer in contact and hence the VPN Link may no longer be valid.
A black “N/A” indicates that VPN Link (or Proxy) is not configured for the Mission
currently executing on the Flytrap. See section 9.27 for a detailed description of the usage
of VPN Link and Proxy.

Figure 9: Cherry Web Flytrap Details Page

(S) The Flytrap Details page (Figure 9) includes a history table of both common status
information and security settings from each Beacon. Currently, the most recent 25 status
and security entries are displayed, but the CT stores every history entry in its database.
Note that the “Status History” table also contains the harvest buffer “Fill %” (both “RFC
822” and “Strict” – see 5.2.3.12). A value of “100%” indicates that the harvest buffer was
completely filled during the last Beacon interval, and implies that a Mission with a
shorter Beacon interval might be desirable for future harvesting.

[Figure 9 callouts: Flytrap Information; Data Associated with this Flytrap; Status History; Security History]
