Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

UNCLASSIFIED
Cherry Bomb Program Cherry Blossom Internal Test Procedures
correct (the “Actual Time” should be ‘N’ seconds before the “Receive Time”,
where ‘N’ is roughly the number of seconds between generating the Alert and
connecting the Flytrap to the internet. Note that internet connections can take up
to 30 seconds depending on Flytrap device type, so ‘N’ could vary by this
amount).
4.2.5 Target Monitoring Test
Description: Tests the Target Monitoring feature of the Flytrap.
Setup: plan/assign a Mission to a Flytrap with Target Monitoring enabled, and
Target Monitoring interval = 5 seconds and Session Timeout = 60 seconds (other
parameters as in 4.2.1).
Run: from the Client Computer, generate an Alert. On CherryWeb, verify (on the
View->Alerts page) that the “Session Active” is reporting “Yes” for the Alert when
there is activity and “No” when there is no activity. Disconnect the test client from
the device and wait “Session Timeout”. Reconnect the client and verify that a
derived MAC alert is sent for the test client’s MAC address.
Pass/Fail: the test passes if the perceived “Session Active” column is behaving
according to Target Monitoring behavior (consult Cherry Blossom User’s Manual
for Target Monitoring details), and if the derived MAC alert is sent after the test
client’s session has timed out.
4.2.6 Redirect Action Test
Description: Tests the Redirect Action feature of the Flytrap.
Setup: plan/assign a Mission to a Flytrap with abc@def.com as a Target with a
Redirect Action type of Legacy and a Redirect URL to slashdot.org. Set other
parameters as in 4.2.1).
Run: from the Client Computer, generate an Alert for abc@def.com (perform a
Google search for abc@def.com). Then go to a root web page (e.g., asdf.com).
Client Computer’s browser should be redirected to slashdot.org.
Pass/Fail: the test passes if the Client Computer’s browser is redirected to
slashdot.org after the Alert is generated and the browser is directed to a root web
page.
4.2.7 Double IFrame Action Test
Description: Tests the Double IFrame Action feature of the Flytrap.
UNCLASSIFIED
26

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh