Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
5.26 (U) Viewing Windex Alerts
(S) To view alerts related to Windex (browser redirect) actions, click the “View
Windex Alert” link (see Figure 47).
Figure 47: Cherry Web View Windex Alerts Page
(S) The table lists Windex alert info, including Target identifier, time of the event, status,
Windex Session ID, Flytrap, client MAC and IP, and the URL the client originally
requested. Windex Status has the following types:
• Pending indicates that the Target has been detected, but has not yet gone to a root
web page to initiate the browser redirect
• Redirected indicates that the Target’s browser has been redirected
• Active indicates that Windex has an Active session with the redirected client
• Success indicates that Windex has successfully exploited the client
• Failure indicates that Windex was not able to exploit the client
• Unknown indicates that the current status is unknown (e.g., the CT could not
contact the Windex server for a status update)
(S) Windex Session ID can be used on a Windex Server to fetch more detailed
information about the Windex exploitation event (in particular if a failure occurs).
61
View
Windex Alerts