Five Rust Crates and an AI Bot Walked Into Your CI/CD Pipeline
- Patrick Duggan
- Mar 11
# Two Supply Chain Attacks. One Week. Both Stole Your Secrets.
In the same week that Microsoft pushed 77 patches and CISA added three actively exploited CVEs to the KEV catalog, two supply chain attacks slipped through the Rust ecosystem and into CI/CD pipelines at Microsoft, Datadog, and Aqua Security.
One used typosquatting. The other used an AI bot.
Both stole your .env files.
## The Five Crates
Socket's Threat Research Team found five malicious Rust crates on crates.io published between late February and early March 2026:
- **chrono_anchor**
- **dnp3times**
- **time_calibrator**
- **time_calibrators**
- **time-sync**
All five impersonated timeapi.io — a legitimate time utility service. All five advertised themselves as local time utilities. All five did the same thing: read your .env file and exfiltrated it to **timeapis.io** — note the extra 's' — a lookalike domain controlled by the threat actor.
The exfiltration endpoint: `http://timeapis.io/api/Time/current/zone?timeZone=UTC`
That's not a time zone lookup. That's your AWS keys, your database credentials, your Stripe secrets, and your API tokens being uploaded to a server in someone else's hands.
Four of the five crates did this in plain sight. The fifth — chrono_anchor — added obfuscation and operational changes to avoid detection. Same publisher identity: **dictorudin**, using disposable emails at **kaoing.com**. GitHub accounts **suntea279491** and **dictorudin** tied to the operation.
Socket attributes all five crates to a single threat actor based on the shared exfiltration methodology and infrastructure.
## The AI Bot
While Socket was pulling malicious crates, a different threat actor — tracked by Pillar Security as "Chaos Agent" — was running an AI-powered bot called **hackerbot-claw** against GitHub.
Between February 21 and February 28, 2026, hackerbot-claw targeted at least seven repositories belonging to Microsoft, Datadog, and Aqua Security. The attack chain:
1. Scan public repos for misconfigured CI/CD pipelines
2. Fork the target and prepare a malicious payload
3. Open a pull request with trivial changes — typo fixes, formatting — while concealing the payload in branch names and filenames
4. Trigger automated workflows on `pull_request_target`
5. Steal Personal Access Tokens and CI/CD secrets
The highest-profile hit: **Aqua Security's Trivy** — the open-source vulnerability scanner used by thousands of DevSecOps teams. The attacker compromised Trivy VSCode extension versions **1.8.12** and **1.8.13** on the Open VSX registry.
Here's where it gets weird.
The compromised extension didn't just steal secrets. It **executed local AI assistants** — Claude, Codex, Gemini, GitHub Copilot CLI, Kiro CLI — in permissive modes. It used your own AI tools to generate "system inspection reports" and exfiltrated them to a GitHub repository called **posture-report-trivy**.
An AI bot used your AI to spy on you.
CVE-2026-28353 tracks the incident.
## Why Your STIX Feed Would Have Caught This
This is Pattern 38 — supply chain attacks through package registries. We've been tracking this pattern since December 2025, when we found malicious npm packages before breakfast.
Here's what a STIX feed subscriber would have had:
**Within hours of Socket's disclosure:**
- IOCs for all five crate names as malicious packages
- The timeapis.io domain as C2/exfiltration infrastructure
- Publisher identities (dictorudin, suntea279491) as threat actor indicators
- The kaoing.com email domain as infrastructure
**Within hours of the Trivy compromise:**
- CVE-2026-28353 mapped to Trivy extension versions 1.8.12 and 1.8.13
- The posture-report-trivy GitHub repo as exfiltration infrastructure
- hackerbot-claw as a threat actor identity
- MITRE ATT&CK mapping: T1195.002 (Supply Chain Compromise: Compromise Software Supply Chain)
**What you'd do with that data:**
If you're running OPNsense, Palo Alto, or any firewall that ingests STIX/TAXII feeds, you'd have blocked `timeapis.io` before your developers ran `cargo build`. If you're running GitHub Advanced Security or Dependabot, you'd have flagged the five crate names before they entered your lock file.
Instead, most teams found out today. From a blog post. After the damage was done.
## The AI-on-AI Attack Is the Future
The hackerbot-claw campaign isn't just a supply chain attack. It's a preview.
A human operator used an LLM as an execution layer to:
- Scan for vulnerable CI/CD configurations at scale
- Generate convincing pull requests (typo fixes that look helpful)
- Compromise a security tool's extension
- Weaponize the victim's own AI assistants
Pillar Security called it a "Chaos Agent" — a human directing AI to attack AI-defended infrastructure.
This is why we built the STIX feed. Not because humans can't read CVE advisories. Because the attack velocity is now AI-accelerated, and the defense has to match.
1,004,712 IOCs. Updated continuously. Free tier: 500 queries/day. STIX/TAXII endpoint for automated ingestion.
275+ consumers in 46 countries already pull it daily. Microsoft, AT&T, and Starlink among them.
## The IOCs
| Indicator | Type | Context |
|-----------|------|---------|
| chrono_anchor | Malicious Package | Rust crate, .env exfiltration |
| dnp3times | Malicious Package | Rust crate, .env exfiltration |
| time_calibrator | Malicious Package | Rust crate, .env exfiltration |
| time_calibrators | Malicious Package | Rust crate, .env exfiltration |
| time-sync | Malicious Package | Rust crate, .env exfiltration |
| timeapis.io | C2/Exfiltration Domain | Impersonates timeapi.io |
| kaoing.com | Infrastructure | Disposable email domain |
| dictorudin | Threat Actor Identity | crates.io + GitHub publisher |
| suntea279491 | Threat Actor Identity | GitHub account |
| hackerbot-claw | Threat Actor Tool | AI-powered CI/CD exploitation bot |
| posture-report-trivy | Exfiltration Repo | GitHub data exfiltration endpoint |
| CVE-2026-28353 | Vulnerability | Trivy VSCode extension compromise |
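
Checking a lockfile against the five crate names in the table, as an added example (not code from Socket or from this page's author). The function name, the hyphen/underscore-insensitive matching and the sample lockfile are assumptions made for the illustration.

```python
import re

# Crate names copied from the IOC table on this page.
IOC_CRATES = {"chrono_anchor", "dnp3times", "time_calibrator",
              "time_calibrators", "time-sync"}

def _norm(name):
    # Case-insensitive, '-' and '_' treated alike (a choice made for this example).
    return name.lower().replace("-", "_")

_IOC_NORM = {_norm(n) for n in IOC_CRATES}
_FIELD = re.compile(r'^(name|version|source)\s*=\s*"([^"]*)"$')

def scan_cargo_lock(text):
    """Return (name, version, source) for each lock entry named like an IOC crate."""
    hits, pkg = [], None
    for line in text.splitlines() + ["[[package]]"]:   # sentinel flushes the last entry
        line = line.strip()
        if line.startswith("["):          # a table header ends the current entry
            if pkg and _norm(pkg.get("name", "")) in _IOC_NORM:
                hits.append((pkg["name"], pkg.get("version", "?"),
                             pkg.get("source", "no source (path or workspace crate)")))
            pkg = {} if line == "[[package]]" else None
        elif pkg is not None and (m := _FIELD.match(line)):
            pkg[m.group(1)] = m.group(2)
    return hits

# Constructed sample lockfile: versions are made up for the demo.
SAMPLE_LOCK = '''\
[[package]]
name = "chrono"
version = "0.4.38"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "time-sync"
version = "0.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "myapp"
version = "0.1.0"
dependencies = [
 "chrono",
 "time-sync",
]
'''

if __name__ == "__main__":
    print(scan_cargo_lock(SAMPLE_LOCK))
```

Only `[[package]]` entries are matched, so a name that appears solely inside another package's `dependencies` array is not double-counted. The reported `source` separates a registry download from a local path or workspace crate that happens to share a name.
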
## What To Do Right Now
1. **Check your Cargo.lock** — search for chrono_anchor, dnp3times, time_calibrator, time_calibrators, time-sync. If present, assume compromise. Rotate every secret in your .env.
2. **Check your Trivy extension** — if you installed from Open VSX and have version 1.8.12 or 1.8.13, uninstall immediately. Audit what your local AI tools have accessed.
3. **Block timeapis.io** at your firewall/DNS level.
4. **Audit CI/CD workflows** — any `pull_request_target` trigger without proper permission scoping is vulnerable to the hackerbot-claw pattern.
5. **Subscribe to a threat feed** that moves faster than blog posts. Our STIX endpoint: `https://analytics.dugganusa.com/api/v1/threat-intel/stix`
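
A heuristic check for step 4, added here as an example and not taken from Pillar Security, GitHub or the affected projects: it flags workflows that trigger on `pull_request_target` without a `permissions:` block, or that pull the pull request's head commit or branch name into the job. The function name, the finding labels and both sample workflows are constructed for the illustration.

```python
import re

# Constructed workflows for the demo; neither is taken from an affected repository.
WEAK = """\
on: pull_request_target
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: echo "Linting ${{ github.head_ref }}"
"""
HARDENED = """\
on: pull_request_target
permissions:
  contents: read
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - run: echo "PR number ${{ github.event.pull_request.number }}"
"""

# Expressions that pull fork-controlled values (head commit, branch name) into the job.
UNTRUSTED = re.compile(
    r"\$\{\{[^}]*github\.(?:head_ref|event\.pull_request\.head\.[\w.]+)")

def audit_workflow(text):
    """Heuristic, line-based findings for one workflow file ([] means nothing flagged)."""
    # Drop whole-line YAML comments so a commented-out trigger is not counted.
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    if not re.search(r"\bpull_request_target\b", body):
        return []
    findings = []
    perms = re.findall(r"^[ \t]*permissions[ \t]*:[ \t]*(\S*)", body, re.M)
    if not perms:
        findings.append("no-permissions-block")   # token scope falls back to the repo default
    elif "write-all" in perms:
        findings.append("permissions-write-all")
    if UNTRUSTED.search(body):
        findings.append("uses-pr-head-ref")
    return findings

if __name__ == "__main__":
    for label, wf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_workflow(wf))
```

Because the check is text-based rather than a YAML parse, treat a finding as a prompt for manual review of that workflow, not as proof that it is exploitable.
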
*Pattern 38 never sleeps. Neither does the feed.*
*DugganUSA LLC — Minneapolis, MN*
*1,004,712 IOCs and counting.*
*Her name was Renee Nicole Good.*
*His name was Alex Jeffery Pretti.*



