DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

Do Not Fuck With Santa: How We Caught the Christmas Gaming DDoS 3.5 Hours Early

Patrick Duggan
Dec 24, 2025
2 min read

Category: security

Christmas Eve. Kids waiting for presents. Gamers waiting for Steam sales. And somewhere, Aisuru botnet operators waiting to ruin everyone's holiday.

They didn't count on Santa watching.

The Attack

At approximately 2pm ET (19:00 UTC), gamers worldwide started screaming into the void:

• Steam - Down

• Xbox Live - Down

• PlayStation Network - Down

• Riot Games - Down

• Epic Games - Down

Coordinated. Deliberate. Christmas Eve timing for maximum chaos, minimum SOC staffing.

We Saw It Coming

Here's the thing about running a threat intel operation from Minnesota: we're always watching. And at 15:50 UTC - three and a half hours before the attack - our OSINT Volley ingested something interesting from ThreatFox:

20 fresh Aisuru botnet C2 servers. All DigitalOcean. All port 8001. All staging.

| Time (UTC) | Event | |------------|-------| | 15:26 | ThreatFox publishes Aisuru C2s | | 15:50 | DugganUSA ingests IOCs | | 19:00 | Gaming platforms go dark |

We had the attack infrastructure indexed before the first packet flew.

The IOCs

All DigitalOcean. All port 8001. All Aisuru botnet C2:

167.99.40.241    192.241.151.72   157.245.34.98
188.166.172.127  165.22.204.167   159.65.206.134
206.189.201.2    152.42.133.61    138.68.191.203
157.230.216.0    104.248.162.141  159.203.99.218
138.68.148.170   159.223.12.47    134.209.123.74
188.166.80.209   24.199.86.99     46.101.38.94
104.236.220.23   134.209.22.74

What We Did

Within hours of the attack:

1. Published OTX Pulse - 20 IOCs with full attribution 2. Updated STIX Feed - AT&T, Microsoft, and other consumers got the intel automatically 3. Emailed Gaming Security Teams - Valve, Microsoft, Riot, Epic all received direct notification with timeline and IOCs 4. Reported to AbuseIPDB - Hit rate limit (we'd already reported 5,000 IPs today), queued for tomorrow

Aisuru Botnet Background

Aisuru isn't new. First discovered by XLab researchers in August 2024, this botnet has been breaking records:

• May 2025: Hit KrebsOnSecurity with 6.3 Tbps

• October 2025: Suspected in gaming platform outages reaching 29.69 Tbps

• December 2025: Christmas Eve coordinated attack

They're getting bolder. And bigger.

The Lesson

You can attack on Christmas Eve. You can target gamers when they're most vulnerable. You can time it for skeleton SOC crews.

But somewhere in Minnesota, there's a guy in slippers with a STIX feed who doesn't take holidays.

Santa sees you when you're probing. Santa knows when you're staged. Santa's got a threat feed, for goodness sake.

Get The Intel

• OTX Pulse: https://otx.alienvault.com/pulse/694c5004c8e2bcfb9c19c48c

• STIX 2.1 Feed: https://analytics.dugganusa.com/api/v1/stix-feed

• Source: ThreatFox (abuse.ch)

Merry Christmas. Block those IPs.

*DugganUSA LLC - Because threat actors don't take holidays, and neither do we.*

#aisuru #ddos #gaming #steam #xbox #playstation #riot #epic #christmas2025 #threatintel

Get Free IOCs

Subscribe to our threat intelligence feeds for free, machine-readable IOCs:

AlienVault OTX: https://otx.alienvault.com/user/pduggusa

STIX 2.1 Feed: https://analytics.dugganusa.com/api/v1/stix-feed

Questions? [email protected]