Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
Alert will be generated. Now, say a User (with proper permissions) edits “TD2” by
including a new MAC Target “00:DE:AD:BE:EF:00”. This will create a new revision of
“M1”, now (automatically) entitled “M1 rev. 3”, and it will create a new revision of
“M2”, now (automatically) entitled “M2 rev 2”. The next time “FT1” beacons, it will get
the new “M1 rev. 3” Mission. The next time “FT2” beacons, it will get the new “M2 rev.
2” Mission. Should MAC “00:DE:AD:BE:EF:00” be detected at FT1 or at FT2, an Alert
will be generated.
(S) It is important to note that Target Actions are Mission-specific, not Target Deck
specific. The Target Deck is merely a grouping of Targets, and contains no Target Action
information. So, when a Target Deck is edited and a new Mission revision is created, the
Target Actions that were assigned in that Mission will remain the same for any Targets in
the Target Deck that have not changed. If a Target is added to the Target Deck, then it
will have no Actions associated with it (i.e., an Alert will be generated if that Target is
detected, but Copy, VPN Link/Proxy, or the Windex Redirect exploit will not occur). If a
Target Action is desired for a Target that has been newly added to a Target Deck, then a
new Mission must be created (typically, using the previous Mission as the starter
Mission), and appropriate Target Actions assigned to the newly added Target in the
Mission Workflow “Add Target Actions” step (see Section 5.11.11).
5.18 (U) Assigning a Kill Mission (“cwadmin” User Only)
(S) A Kill Mission (see CBUM Section 5.2.3.16) can be assigned to a Flytrap to have it
abort immediately after retrieving the Kill Mission. Note that Kill is an unrecoverable
event, so be very cautious when assigning a Kill Mission. Click the “Assign Flytrap
Kill” menu link (see Figure 39). Select the Flytrap you want to kill from the drop down
box. Then click the “Kill Selected Flytrap” button and follow the instructions on the
confirmation page. Note that a Kill Mission can be assigned to only one Flytrap at a time
to help mitigate a critical user mistake. Furthermore, this feature is limited only to Users
with “cwadmin” privileges (see CBUM).
52