Skip to main content

Team Cymru

Notice

Team Cymru is available as a bundled integration with Intel Exchange. Contact your Cyware sales or support representative to gain access to the feed.

Connector Category: API Feed Source

Team Cymru provides an integrated intelligence source within Intel Exchange, enabling you to ingest and analyze threat data from two key Team Cymru feeds: Botnet Analysis and Reporting Service (BARS) and Controller (C2). These feeds supply high-fidelity indicators enriched with metadata that help you identify botnet activity, malicious controllers, and associated threat infrastructure.

Intel Exchange normalizes, enriches, and displays this data consistently across the platform, allowing you to search, correlate, and use Team Cymru indicators in your threat analysis workflows. You can also view source-level tags, indicator attributes, and analysis results aligned with Intel Exchange’s standard indicator schema.

Team Cymru supports the following two feed types in Intel Exchange:

  • BARS Feed: Provides visibility into botnet-related indicators, including associated domains, IPs, malware families, timestamps, and other metadata.

  • Controller Feed: Surfaces indicators linked to malicious command-and-control (C2) infrastructure, including controller IPs, ports, malware associations, and confidence scores.

You can enable, configure, and manage these feeds from Integration Management. Once enabled, Intel Exchange automatically ingests and displays the indicators in the Threat Data module, where you can analyze them alongside other internal and external intelligence sources.

For more information, see Team Cymru.