Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
UNCLASSIFIED
Cherry Bomb Program Cherry Blossom FAT Procedures
3.8 Test 8: Flytrap W (Enhanced) Test
3.8.1 Description
This test verifies the W feature.
3.8.2 Test Setup
No additional setup required (see 2.3).
3.8.3 Test Procedure
Step Execute Action Expected Results Req
1 (CherryTree Tester) Assign Mission
“FAT Test 8 (Flytrap W Test)” to Flytrap
(Assign -> Missions page). Be sure to
click the Assign button at the bottom of
the page.
(CherryTree Tester) Verify Flytrap has
received new Mission at expected time
(“Flytrap Details” page will report
“Current Mission” as the one just
assigned).
6.1.1
6.1.2.1.2
6.1.2.2.1
6.1.6
6.1.7
6.2.1
6.2.4-5
6.2.7
6.3
2 (Flytrap Tester) On some laptops,
Wireshark will not run properly after
changing the MAC address. Verify that
Wireshark is sniffing traffic, and change
MAC/reboot if necessary.
(Flytrap Tester) Wireshark works
properly on the Target Laptop.
N/A
3 (Flytrap Tester) Start Wireshark
capture on the Target Laptop
(Flytrap Tester) Wireshark is capturing
packets on the Target Laptop.
N/A
4 (Flytrap Tester) Generate an email
Alert – open Google or Yahoo search
page, type “abc1@def.com”.
(CherryTree Tester) Verify Email Alert
is received (ticker at bottom of page
should light up and View->Alerts page
should show new entry with correct
info)
6.1.2.2
6.1.2.2.2
6.1.2.2.3
6.1.2.2.3.1
6.1.2.2.3.2
6.1.2.2.4
6.1.7
6.2.2
6.2.4
6.2.6
5 (Flytrap Tester) go to a root web page
(e.g., www.cnn.com). Stop Wireshark
capture.
(Flytrap Tester) Verify double iframe
packet in Wireshark capture. (If able,
contact W group and have them check
success).
N/A
6 (CherryTree Tester) Verify on CW that
that the View->Windex Alerts page has
a new entry with correct information,
including status.
6.1.2.2.7
6.1.2.2.8
6.2.9
UNCLASSIFIED
28