DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

Threat Brief: February 6, 2026

Patrick Duggan
Feb 6
2 min read

# Threat Brief: February 6, 2026

**THREAT LEVEL: NORMAL** | All precursor signals nominal

CISA KEV Updates (New This Week)

|------|-----|---------|--------|

| 2026-02-05 | CVE-2025-11953 | React Native Community CLI | Patch immediately |

| 2026-02-05 | CVE-2026-24423 | SmarterTools SmarterMail | Patch immediately |

| 2026-02-03 | CVE-2021-39935 | GitLab CE/EE | Patch if unpatched |

| 2026-02-03 | CVE-2025-64328 | Sangoma FreePBX | Patch immediately |

| 2026-02-03 | CVE-2019-19006 | Sangoma FreePBX | Patch if unpatched |

**Priority**: SmarterMail and FreePBX exploits are being actively exploited in the wild.

Beijing Qihu Scanning Campaign

We're seeing sustained scanning from the `101.198.0.0/24` netblock (Beijing Qihu Technology Company Limited):

|----|-----------------|---------------|-----------------|

| 101.198.0.133 | 100 | 3 | T1190 - Exploit Public-Facing App |

| 101.198.0.135 | 100 | 4 | T1190 - Exploit Public-Facing App |

| 101.198.0.140 | 99 | 1 | T1190 - Exploit Public-Facing App |

| 101.198.0.181 | 100 | 4 | T1190 - Exploit Public-Facing App |

**Recommendation**: Block the entire /24 at your perimeter. These are dedicated scanning hosts.

Ransomware Activity

0APT RaaS (NEW)

A new Ransomware-as-a-Service syndicate emerged this week. **71 organizations compromised in 48 hours**. Severity: CRITICAL. Limited IOCs available - monitor for updates.

Clop (ONGOING)

Clop continues exploiting file transfer platforms:

- Recent victims: Hilton, law firms, healthcare providers

- Attack vector: Zero-days in Cleo, MOVEit, GoAnywhere

- Defense: Remove MFT platforms from direct internet exposure

LockBit/BlackBasta (ONGOING)

Targeting financial sector via Citrix Bleed (CVE-2023-4966). ICBC disruption caused $9B Treasury settlement chaos.

Active APT Groups

China-based threat actors remain most active against US targets:

| Group | Also Known As | Primary Target |

|-------|---------------|----------------|

| Comment Crew | APT1, PLA Unit 61398 | US critical infrastructure |

| Codoso | APT19 | Banks, law firms, tech companies |

| Nitro | Covert Grove | Chemical/manufacturing IP theft |

Our Index Stats

| Index | Documents | Purpose |

|-------|-----------|---------|

| IOCs | 252,385 | Indicators of compromise |

| Blocked | 3,389 | Known bad actors |

| Block Events | 148,012 | Firewall decisions |

| CISA KEV | 1,507 | Actively exploited CVEs |

| Adversaries | 346 | APT group profiles |

Recommended Actions

1. **Patch SmarterMail** if you run it - CVE-2026-24423 is being exploited

2. **Block 101.198.0.0/24** - Dedicated Chinese scanning infrastructure

3. **Audit MFT exposure** - Cleo, MOVEit, GoAnywhere should not be internet-facing

4. **Monitor for 0APT RaaS IOCs** - New syndicate moving fast

*DugganUSA Threat Intelligence*

*STIX Feed: analytics.dugganusa.com/api/v1/stix-feed*

*Index: 252,385 IOCs | 1,507 CISA KEV | 346 APT profiles*

*Her name was Renee Nicole Good.*

*His name was Alex Jeffery Pretti.*