Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//20350112
5.3 (U) Point of Presence (PoP)
(S) The communication between the CT and Flytraps will be relayed through a Point of
Presence (PoP) – formerly these were referred to as Tumbleweeds, but this term is now
deprecated. The PoP is a relay that is configured to properly relay traffic, and hence
provide a layer of protection against discovery of the CT’s address. PoP’s are maintained
by the sponsor network group. See the “Cherry Blossom Installation Guide” for details of
PoP configuration.
5.4 (U) CherryTree
5.4.1 (U) Overview
(S) The CB system includes a command and control server referred to as the CherryTree
(CT). The CT manages all Flytrap functions, including handling of beacons, handling of
Alerts, handling of Copy data, and Mission tasking.
5.4.2 (U) Encrypted and Authenticated Communication through PoP
(S) All communication between a Flytrap and the CT, excluding Copy data, is encrypted
and authenticated. Section 15.1 details the encryption/authentication method. All
communication between a Flytrap and the CT is done through a PoP.
5.4.3 (U) Handling and Persistent Storage of Beacon Information
(S) The CT handles and stores Flytrap beacon information, including status and security
settings (see 15.1.2 and 15.1.3), persistently in a database.
5.4.4 (U) Handling and Persistent Storage of Alert Information
(S) The CT handles and stores Alert information (see 5.2.3.7) and Target Monitoring
session information (see 5.2.3.8) persistently in a database.
(S) The CT handles and stores Firmware Upgrade Alerts (see 5.2.3.18) persistently in a
database.
(S) The CT handles and stores Windex Alerts (see 5.2.3.9.1) persistently in a database.
5.4.5 (S) Alerts Forwarded to Catapult
(S) The CT can be configured to forward Alert information to the Catapult system.
Section 8.5 discusses configuring the CT to forward Alerts to Catapult, and discusses the
forwarding procedure and Alert format.
5.4.6 (U) Handling and Persistent Storage of Copy Data
(S) The CT handles and persistently stores Copy data (as in section 5.2.3.9.2) to the local
filesystem.
21
SECRET//20350112