Free Threat Intel for India: 40 IOCs for Digital Bharat Under Siege
- Patrick Duggan
- Nov 30, 2025
- 4 min read
TL;DR: We published 2 OTX pulses with 40 India-focused IOCs covering LockBit, RansomHub, AIIMS-style healthcare attacks, and UPI fraud. Free. No paywall. Because 1.4 billion people deserve threat intel too, and CERT-In can't protect everyone.
The Problem
India is getting hammered.
• 370 million malware attacks in 2024 (1 million+ daily)
• 1 million+ ransomware incidents targeting Indian organizations
• 40 million patient records exposed in AIIMS Delhi breach (November 2022)
• 300 Indian banks shut down in July 2024 (C-Edge ransomware attack)
• CERT-In 6-hour reporting now mandatory for all cyber incidents
The AIIMS attack alone kept India's premier hospital offline for 15 days. The ransom demand? Rs 200 crore (~$24 million USD). That's not script kiddies - that's organized crime targeting critical infrastructure.
The Regulatory Landscape
DPDP Act 2023 (Digital Personal Data Protection)
• Rs 250 crore ($30M USD) maximum penalty for data breaches
• Data Principal rights - consent, access, correction, erasure
• Significant Data Fiduciary designation for large data processors
• Cross-border data transfer restrictions
RBI Cybersecurity Framework
• Cyber Security Policy approved by Board
• Security Operations Centre (SOC) for continuous monitoring
• Cyber Crisis Management Plan (CCMP)
• Vendor risk management for third-party services
• Annual cyber security audits
CERT-In Directions 2022
• Report incidents within 6 hours of detection
• Log retention for 180 days within Indian jurisdiction
• Synchronize system clocks to NTP servers
• Register with CERT-In if providing certain services
The AIIMS Wake-Up Call
November 2022. AIIMS Delhi. India's most prestigious hospital.
• Servers encrypted, data exfiltrated
• 15 days of manual operations
• 40 million patient records at risk
• Rs 200 crore ransom demand
• Laboratory, billing, registration systems offline
• Initial access via phishing email to hospital staff
• Lateral movement through poorly segmented network
• Backup systems not isolated from production
• No endpoint detection on critical systems
This wasn't just a ransomware attack. This was a demonstration that India's critical infrastructure is vulnerable.
The Two Pulses
Pulse 1: Indian Critical Infrastructure Ransomware **20 IOCs** | [Subscribe](https://otx.alienvault.com/pulse/692cc901e0eba1232f826333)
• 6 C2 IP addresses (active in India 2024)
• 4 domain patterns (AIIMS, government, banking phishing)
• 3 SHA256 file hashes
• Ransomware file extensions and ransom notes
Pulse 2: Indian Financial Sector + UPI Fraud **20 IOCs** | [Subscribe](https://otx.alienvault.com/pulse/692cc928a7714e265e0e908b)
• PowerShell commands targeting core banking systems
• Active Directory reconnaissance patterns
• Phishing patterns for all major banks (SBI, HDFC, ICICI, Axis, Kotak)
• UPI fraud patterns (GPay, Paytm, PhonePe)
• Credential harvesting tools
• Ransomware preparation commands
The C-Edge Banking Attack (July 2024)
July 2024. 300 Indian banks. Offline.
• Payment systems down for 300 banks
• NPCI (National Payments Corporation of India) disconnected C-Edge from the network
• Rural India disproportionately affected
• Recovery took days
Lesson: Supply chain attacks hit where it hurts. When your technology provider goes down, you go down.
What To Do With This
If you're an Indian IT admin:
1. Subscribe to both pulses - These IOCs are packaged for easy SIEM ingestion
2. Block the banking phishing domains - SBI, HDFC, ICICI impersonation is constant
3. Watch for FlightNight RAT - It specifically targets Indian government
4. Implement network segmentation - AIIMS failed because everything was connected
5. Report to CERT-In - [email protected] within 6 hours
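To make the "SIEM ingestion" and "block the domains" steps concrete, here is an added example (not DugganUSA's code, and not the actual feed contents) that parses a STIX 2.1 indicator bundle into per-type blocklists and flattens them to a CSV watchlist; the bundle and every indicator value in it are constructed placeholders.

```python
import json
import re
from collections import defaultdict


def _indicator(n, pattern, label):
    """Build a minimal STIX 2.1 indicator object (constructed sample data)."""
    return {"type": "indicator", "spec_version": "2.1",
            "id": f"indicator--00000000-0000-4000-8000-{n:012d}",
            "created": "2025-11-30T00:00:00.000Z", "modified": "2025-11-30T00:00:00.000Z",
            "valid_from": "2025-11-30T00:00:00Z", "pattern_type": "stix",
            "pattern": pattern, "labels": [label]}


# Constructed sample bundle: placeholder values only, not real indicators from the pulses.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [
        _indicator(1, "[ipv4-addr:value = '198.51.100.23']", "c2"),
        _indicator(2, "[domain-name:value = 'sbi-kyc-update.example']", "phishing"),
        _indicator(3, "[domain-name:value = 'hdfc-verify.example' OR "
                      "domain-name:value = 'icici-login.example']", "phishing"),
        _indicator(4, f"[file:hashes.'SHA-256' = '{'a' * 64}']", "ransomware"),
        {"type": "malware", "spec_version": "2.1", "is_family": True,
         "id": "malware--00000000-0000-4000-8000-000000000099", "name": "placeholder"},
    ],
})

# One STIX comparison expression: <object-type>:<property-path> = '<value>'
_COMPARISON = re.compile(r"(?P<obj>[a-z0-9-]+):(?P<path>[A-Za-z0-9_.'\-]+)\s*=\s*'(?P<val>[^']*)'")


def extract_observables(bundle_json):
    """Return {observable_type: sorted unique values} from a STIX 2.1 bundle."""
    found = defaultdict(set)
    for obj in json.loads(bundle_json).get("objects", []):
        # Only STIX-pattern indicators carry blockable observables; skip malware, reports, etc.
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        for m in _COMPARISON.finditer(obj.get("pattern", "")):
            kind = m.group("obj")
            if kind == "file":  # keep the hash algorithm: file:sha-256, file:md5, ...
                kind += ":" + m.group("path").split(".")[-1].strip("'").lower()
            found[kind].add(m.group("val"))
    return {k: sorted(v) for k, v in found.items()}


def to_siem_csv(observables):
    """Flatten to 'type,value' rows for a SIEM watchlist or firewall blocklist import."""
    rows = ["type,value"]
    for kind in sorted(observables):
        rows.extend(f"{kind},{value}" for value in observables[kind])
    return "\n".join(rows)
```

Point `extract_observables` at the JSON returned by a real STIX feed and route each observable type to the matching control (DNS sinkhole for domains, firewall for IPs, EDR hash blocklist for files).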
If you're a CISO (RBI regulated):
• Threat intelligence consumption (these pulses help you demonstrate compliance)
• Active defense measures (block these IOCs)
• Board-level reporting on cyber risk
If you're handling DPDP Act compliance:
Rs 250 crore is not a theoretical penalty. The government is serious. Have your incident response plan ready before you need it.
The Numbers Game
• 500M+ UPI users as of 2024
• Rs 69,000 crore ($8.3B USD) in UPI fraud losses (RBI data)
• 95% of fraud involves social engineering, not technical exploits
• "Fake KYC update" is the #1 fraud vector
• Average ransom demand in India: Rs 50 lakh to Rs 5 crore ($60K-$600K)
• Average downtime: 7-21 days
• AIIMS was an outlier at Rs 200 crore demand
The Continental Angle
Here's the thing: The same ransomware groups hitting India are hitting everyone. LockBit doesn't care about borders. RansomHub sells access to whoever pays.
• Scale: 1.4 billion people, millions of small businesses, thousands of banks
• Digital adoption: UPI adoption outpaced security adoption
• Language diversity: Phishing in Hindi, Tamil, Telugu, Bengali hits harder
• Regulatory gaps: DPDP Act is new, enforcement is ramping up
We're in Minnesota. India is far away. But your threats are our threats. When we track ransomware infrastructure, we see it hitting Mumbai as often as Minneapolis.
That's why we're publishing these for free. The same groups targeting AIIMS are targeting American hospitals. Shared threat intel means shared defense.
Resources
• [DugganUSA OTX Profile](https://otx.alienvault.com/user/pduggusa) - 26 pulses, 1,400+ indicators
• [STIX Feed](https://analytics.dugganusa.com/api/v1/stix-feed) - Machine-readable
• [CERT-In](https://www.cert-in.org.in/) - Indian Computer Emergency Response Team
• [RBI Cybersecurity Framework](https://rbi.org.in/Scripts/NotificationUser.aspx?Id=11397) - Banking compliance
• [DPDP Act 2023](https://meity.gov.in/content/digital-personal-data-protection-act-2023) - Data protection law
*Patrick Duggan is founder of DugganUSA, a Minnesota-based security company. He shares threat intel with Indian organizations because (a) 1.4 billion people deserve better than enterprise paywalls, (b) the same groups hitting AIIMS hit American hospitals, and (c) someone should. If you're an Indian organization and need help, we speak rupees.*
*Questions? [email protected]*