- Patrick Duggan
- Feb 3
# Threat Brief: February 3, 2026
**Published:** February 3, 2026
**Author:** DugganUSA Threat Intelligence
**Classification:** TLP:WHITE
## Critical: WordPress Plugin Under Active Exploitation
**CVE-2026-23550** - A maximum severity (CVSS 10.0) vulnerability in the WordPress plugin "Modular DS" is being actively exploited in the wild. All versions through 2.5.1 are vulnerable to unauthenticated privilege escalation.
**Action Required:** Update immediately or disable the plugin.
## CISA Deadline Today: Windows Zero-Day
**CVE-2026-20805** - Microsoft's first zero-day of 2026, an info-disclosure vulnerability, has a federal patch deadline of **today, February 3**. If you're running Windows systems, verify your January patches are applied.
## Active Campaigns
### Malicious AI Assistant Packages
Over 230 malicious "skills" for the OpenClaw AI assistant have been identified. These packages impersonate legitimate utilities but deliver credential-stealing malware. Review any recently installed AI assistant plugins.
### Aisuru Botnet Sets DDoS Record
The Aisuru botnet launched an unprecedented attack peaking at **31.4 Tbps** and 200 million requests per second, primarily targeting telecommunications providers.
### RedKitten APT
An Iranian state-aligned threat actor is targeting NGOs and individuals who document human rights abuses. Its Farsi-speaking operators rely on spearphishing and credential harvesting.
### Rhysida Ransomware
The healthcare sector has been hit again: MACT Health Board in California's Sierra Foothills confirmed a breach in which patient PII and medical records were compromised.
## Fresh IOCs
| Indicator | Type | Threat |
|-----------|------|--------|
| tg.nm48.com | Hostname | Malware C2 |
| 45.151.91.164 | IPv4 | Malware dropper |
| 167.86.95.233 | IPv4 | Malware dropper |
| wickerwear.uk.com | Hostname | Malware distribution |
| dhjfgt4rzuu6tfdo85wfjj.followz.st | Hostname | Malware C2 |
These indicators are available in our STIX 2.1 feed: `https://analytics.dugganusa.com/api/v1/threat-intel/stix/bundle`
## DugganUSA Perimeter Status
Our automated defenses blocked 20 IPs in the last 24 hours. Heavy activity from Chinese IP ranges:
- Beijing Qihu Technology Company Limited (multiple IPs, scores 118-130)
- Tencent Cloud (Hong Kong)
Current threat level: **NORMAL (0%)**
## Recommendations
1. **WordPress admins:** Patch Modular DS immediately or remove the plugin
2. **Windows systems:** Verify January 2026 patches applied (CISA deadline today)
3. **AI tool users:** Audit any OpenClaw skills installed in last 30 days
4. **Healthcare orgs:** Review Rhysida TTPs, check backup integrity
5. **Block the IOCs above** at your perimeter
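As an added example (not DugganUSA's code and not part of the STIX feed linked above), the script below takes the five indicators from the "Fresh IOCs" table, expresses them as STIX 2.1 indicator patterns in a bundle-shaped structure, and then scans a handful of constructed DNS and firewall log lines for hits. The log lines, the `indicator--placeholder-*` ids and the `valid_from` date (the brief's publication date) are assumptions for illustration; the hostname match treats a subdomain of a listed host as a hit but does not flag the parent domain on its own, which is the mistake a naive substring match would make.

```python
"""Turn the brief's IOC table into STIX 2.1-style indicator patterns and
scan sample log lines for perimeter hits. Added example, not DugganUSA code."""
import ipaddress
import json
import re

# Indicators exactly as listed in the brief's "Fresh IOCs" table: (value, type, threat).
IOCS = [
    ("tg.nm48.com", "Hostname", "Malware C2"),
    ("45.151.91.164", "IPv4", "Malware dropper"),
    ("167.86.95.233", "IPv4", "Malware dropper"),
    ("wickerwear.uk.com", "Hostname", "Malware distribution"),
    ("dhjfgt4rzuu6tfdo85wfjj.followz.st", "Hostname", "Malware C2"),
]

# Candidate IPv4 addresses and hostnames pulled out of free-form log text.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

# Constructed sample log lines (assumed format, not real telemetry).
SAMPLE_LOGS = [
    "2026-02-03T08:12:41Z dns query src=10.0.0.15 qname=tg.nm48.com type=A",
    "2026-02-03T08:13:02Z fw allow src=10.0.0.22 dst=45.151.91.164 dport=443",
    "2026-02-03T08:13:30Z dns query src=10.0.0.15 qname=cdn.wickerwear.uk.com type=A",
    "2026-02-03T08:14:05Z fw allow src=10.0.0.9 dst=93.184.216.34 dport=443",
    "2026-02-03T08:14:40Z dns query src=10.0.0.31 qname=nm48.com type=A",
]


def stix_pattern(value, ioc_type):
    """Return the STIX 2.1 comparison-expression pattern for one IOC."""
    if ioc_type == "IPv4":
        ipaddress.IPv4Address(value)  # raises ValueError on a malformed address
        return f"[ipv4-addr:value = '{value}']"
    if ioc_type == "Hostname":
        return f"[domain-name:value = '{value}']"
    raise ValueError(f"unsupported IOC type: {ioc_type}")


def build_bundle():
    """Assemble a minimal STIX 2.1-shaped bundle of indicator objects.
    Ids are placeholders; a real feed would use UUIDs and creation timestamps."""
    objects = []
    for i, (value, ioc_type, threat) in enumerate(IOCS, start=1):
        objects.append({
            "type": "indicator",
            "spec_version": "2.1",
            "id": f"indicator--placeholder-{i}",
            "name": threat,
            "pattern_type": "stix",
            "pattern": stix_pattern(value, ioc_type),
            "valid_from": "2026-02-03T00:00:00Z",  # brief's publication date
        })
    return {"type": "bundle", "id": "bundle--placeholder", "objects": objects}


def host_matches(host, indicator):
    """True for the listed host itself or any subdomain of it. The bare parent
    domain (nm48.com for tg.nm48.com) is not a match: it is not the indicator."""
    host = host.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)


def scan_logs(lines):
    """Return (line_no, observed_value, matched_indicator, threat) for each hit."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for ip in IPV4_RE.findall(line):
            for value, ioc_type, threat in IOCS:
                if ioc_type == "IPv4" and ip == value:
                    hits.append((n, ip, value, threat))
        for host in HOST_RE.findall(line):
            for value, ioc_type, threat in IOCS:
                if ioc_type == "Hostname" and host_matches(host, value):
                    hits.append((n, host, value, threat))
    return hits


if __name__ == "__main__":
    print(json.dumps(build_bundle(), indent=2))
    for line_no, observed, indicator, threat in scan_logs(SAMPLE_LOGS):
        print(f"line {line_no}: {observed} -> {indicator} ({threat})")
```

Running the script prints the bundle and three hits (the C2 lookup, the dropper connection, and the `cdn.` subdomain of the distribution host); the unrelated IP and the bare `nm48.com` lookup are left alone. Feed the STIX patterns to whatever your perimeter or SIEM ingests, and keep the subdomain rule in mind when you translate the hostnames into blocklist entries.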
*Subscribe to our STIX feed for real-time IOC updates. Questions? [email protected]*
*Her name was Renee Nicole Good.*
*His name was Alex Jeffery Pretti.*