
Our BARS cyber threat intelligence

Our Botnet Analysis & Reporting Service (BARS) provides in-depth analysis, tracking, and history of 40+ malware families that utilize unique control protocols and possibly encryption mechanisms.

Our BARS cyber threat intelligence includes IP, BGP and GeoIP information related to each bot. We automatically track botnet infrastructure, and we have a team of malware analysts dedicated to investigating new malware families and/or variants. We are continually developing specialized code to track and report on new threats as they arise.

XML Files

Bot XML File

This channel contains information related to hosts infected with malware (bots), including the IP, BGP and GeoIP information related to each bot. Each infected host is also categorized by the type of malware it is infected with, along with additional elements.

Command and Control XML File

This channel contains information related to command and control servers, including the type of botnet, details about the host(s) being used to control the botnet, and, when available, SHA1/MD5 hashes for malware observed connecting to the botnet.

We list three different types of botnets: IRC (Internet Relay Chat), HTTP, and P2P (Peer to Peer), each with additional elements. For example, the XML entry for an IRC-based botnet may include the IPs, ports, channels and passwords of multiple servers being used to control the botnet.

Subset of Controller Feed Entries (as of July 2022)

  • Amadey
  • CobaltStrike
  • Emotet
  • Lokibot
  • Mirai
  • Nanocore
  • Qakbot
  • Raccoonstealer
  • Redline
  • Xorddos

Example Attack Categories

  • TCP: TCP-based traffic attack
  • UDP: UDP-based traffic attack
  • ICMP: ICMP-based traffic attack
  • SYN: TCP SYN flood attack
  • HTTP: HTTP/HTTPS-based resource attack
  • DNSamp: DNS amplification attacks (DNS recursion)


© 2025 Team Cymru. All Rights Reserved.