Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
UNCLASSIFIED
Cherry Bomb Program Cherry Blossom FAT Procedures
5 (Flytrap Tester) Start Wireshark capture
on the Target Laptop.
(Flytrap Tester) Wireshark is
capturing packets on the Target
Laptop.
CB v5.0
4.1.4
6 (Flytrap Tester) Generate an email Alert
for abc3@def.com– open Google or
Yahoo search page, type
“abc3@def.com”.
(CherryTree Tester) Verify Email Alert
is received (ticker at bottom of page
should light up and View->Alerts page
should show new entry with correct
info)
CB v5.0
4.1.4
7 (Flytrap Tester) go to a root web page
(e.g., www.slashdot.org). Stop Wireshark
capture.
(Flytrap Tester) Verify double iframe
packet in Wireshark capture.
CB v5.0
4.1.4
8 NOTE: VPN Link is not supported through
squid.
(Flytrap Tester) From the Target Laptop,
configure the Flytrap’s Internet (WAN)
Connection to DHCP (i.e., this will disable
squid), if it is not already.
Target Laptop should have internet
access and should no longer be going
thru the Squid Laptop (verify on Squid
Laptop access.log).
CB v5.0
4.1.4
9 (Flytrap Tester) Generate an email Alert –
open Google or Yahoo search page, type
“abc4@def.com”.
(CherryTree Tester) Verify Email Alert
is received (ticker at bottom of page
should light up and View->Alerts page
should show new entry with correct
info)
CB v5.0
4.1.4
10 (CherryTree Tester) Ping the VPN Link IP
Address. Get the “VPN IP Address” On
“Flytrap Details” page. From the “VPN
Link Terminal” (see section 2.3), issue:
ping <VPN IP Address>
Note: Mission has 10 minute VPN Link
timeout.
(CherryTree Tester) Verify successful
Flytrap ping.
CB v5.0
4.1.4
11 (CherryTree Tester) Ping the Target
Laptop. Go to “View -> Alerts” and check
the “Client VPN IP” for the Alert generated
in this test – this is the <VPN IP Address
of Target>. Then, from “VPN Link
Terminal”, issue:
ping <VPN IP Address of Target>
(CherryTree Tester) Verify successful
Target Laptop ping.
CB v5.0
4.1.4
3.21.4 Test Cleanup
No additional cleanup required.
UNCLASSIFIED
48