Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
UNCLASSIFIED
Cherry Bomb Program Cherry Blossom Internal Test Procedures
according to the parameters set in the flytrap.config for this firmware, and NOT
according to those in the Mission assigned to the Flytrap.
Pass/Fail: The test passes if verification steps in the “Run” section are correct.
4.2.25 No Flytrap Persistent Data in Device Config File Test
Description: Tests that no persistent data is stored in the device config file.
Setup: Connect a client to the Flytrap, login to the Flytrap’s web page, and
download/backup the device’s configuration file. Open the configuration file using
a binary editor (e.g., bvi).
Run: Verify that the device’s configuration file contains none of the special
NVRAM keys used (e.g. lald, stt, bmw, ba0-5, bp0-5, boot_wait, etc.).
Pass/Fail: The test passes if verification steps in the “Run” section are correct.
4.2.26 No Unintended Emissions Test
Description: This is a catchall test to make sure that the Flytrap is not creating
any unintended network traffic.
Setup: Connect the WAN of the Flytrap to a hub, and connect the hub to the
internet. Verify internet connectivity. Connect a Wireshark client to the hub, and
start Wireshark.
Run: Allow Wireshark to run for an extended period of time. Verify that Flytrap
emissions are as intended according to the initial beacon settings in
flytrap.config, or according to the settings of the current Mission.
Pass/Fail: The test passes if verification steps in the “Run” section are correct.
4.2.27 Target Based VPN Link Action Test
Description: Tests the target based VPN Action.
Setup: Plan/Assign a mission with a target based VPN action. Connect two
client computers to the flytrap.
Run: Generate an Alert at one of the client computers. Verify the VPN Link is up.
Verify (via ping) connection to the flytrap. Verify port scan (via netcat) of a service
running on the client computer.
UNCLASSIFIED
35