Team Cymru RFC 2350 Profile
1. Document Information
This document complies with RFC 2350.
1.1. Date of Last Update
This is version 1.3 dated 11 October 2022
1.2. Distribution List for Notifications
This profile is kept up-to-date on the location specified in 1.3.
E-mail notification of updates are sent to:
All Team Cymru TI members
Any questions about updates please address to the Team e-mail address: TI-Team@cymru.com.
1.3. Locations where this Document May Be Found
The current version of this profile is always available at https://www.team-cymru.com/rfc-2350/.
2. Contact Information
2.1. Name of the Team
Team Cymru, Inc.
Team Cymru, Inc.
901 International Parkway
Lake Mary, FL 32746
2.3. Time Zone
Global; Main offices in US/Eastern (UTC-0500, UTC-0400 in Summer Time)
2.4. Telephone Number
CERT emergency telephone number: +1 847 378 3301
2.5. Facsimile Number
+1 407 878 7832
2.6. Other Telecommunication
2.7. Electronic Mail Address
Please send reports which relate to the Team Cymru constituency, including copyright issues, spam and abuse to firstname.lastname@example.org.
Please send reports of security vulnerabilities or incidents relating to Team Cymru to email@example.com.
Non-incident related mail should be addressed to firstname.lastname@example.org.
2.8. Public Keys and Encryption Information
Please sign your messages using your own key which is verifiable using the public keyservers.
All members of Team Cymru can read mail encrypted with the email@example.com key, so you may use it if you cannot find a key for a specific Team Cymru member.
2.9. Team Members
No information is provided about the Team Cymru team members in public.
2.10. Other Information
Further information about Team Cymru can be found at: https://www.team-cymru.com/company/.
Team Cymru is accredited by the Trusted Introducer for CERTs in Europe; see http://www.trusted-introducer.org/teams/team cymru.html for details.
Team Cymru is a member of FIRST (Forum for Incident Response and Security Teams); see: http://www.first.org/members/teams/team_cymru/ for details.
2.11. Points of Customer Contact
The preferred method for contacting Team Cymru is via e-mail.
For general inquiries please send e-mail to firstname.lastname@example.org
For Abuse issues please use: email@example.com
For Security issues please use: firstname.lastname@example.org
For Network, server, or service issues please use: email@example.com
In an Emergency you can contact Team Cymru at: +1 847 378 3301
Team Cymru’s hours of operation are generally restricted to regular business hours: 09:00 to 17:00 Monday to Friday except public holidays.
3.1. Mission Statement
Since 2005, Team Cymru’s mission has been to save and improve lives by working with public and private sector entities to discover, track and take down threat actors and criminals around the globe.
3.3. Sponsorship and/or Affiliation
Since 2005, Team Cymru’s mission has been to save and improve lives by working with public and private sector entities to discover, track and take down threat actors and criminals around the globe. We do this by delivering comprehensive visibility into global cyber threat activity. Team Cymru collects, processes and aggregates global network traffic and 50+ other types of data to give our clients Pure Signal™. This provides the broadest visibility into malicious activity across the Internet. We are scoring 94,000,000 events per day and delivering that information to our users in an actionable way.
The most advanced cybersecurity teams and investigators around the world rely on our solutions to uncover the who, what, when, where and why of malicious behavior. They also leverage this global visibility to identify, map, and block malicious infrastructure before threats even reach their enterprises’ doorsteps. Our data is incomparable — Pure Signal™ — and our partners and clients use it to make the world a safer place.
Team Cymru coordinates security incidents on behalf of their constituency at their constituents’ request.
4.1. Types of Incidents and Level of Support
All incidents are considered normal priority unless they are labeled EMERGENCY.
4.2. Co-operation, Interaction and Disclosure of Information
ALL incoming information is handled confidentially by Team Cymru, regardless of its priority.
When reporting an incident of sensitive nature, please state so explicitly, e.g. by using the label SENSITIVE in the subject field of e-mail, and if possible using encryption as well.
Team Cymru supports the Information Sharing Traffic Light Protocol (ISTLP see https://www.trusted-introducer.org/links/ISTLP-v1.1-approved.pdf) – information that comes in with the tags WHITE, GREEN, AMBER or RED will be handled appropriately.
4.3. Communication and Authentication
See 2.8 above. Usage of PGP/GnuPG in all cases where sensitive information is involved is highly recommended.
5.1. Incident Response (Triage, Coordination and Resolution)
Team Cymru can assist system administrators in handling the technical and organizational aspects of computer security incidents.
5.2. Proactive Activities
See the following web pages for Team Cymru internet community services provided at no charge:
Team Cymru provides various also commercial services which are outlined at https://www.team-cymru.com/products/.
6. Incident Reporting Forms
Please report all incidents using (preferably encrypted) e-mail. See section 2.11 above.