DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

Untitled Blog Post

Name: DugganUSA LLC
Address: Minnesota, USA

Patrick Duggan
Dec 2, 2025
3 min read

--- title: "The Minnesota Threat Intelligence Gap (And Why We're Filling It)" subtitle: "5 Days, 51 Pulses, 5,186 IOCs - A Startup's Journey Into Cyber Defense" date: 2025-12-03 author: Patrick Duggan tags: [threat-intelligence, startup, seed-funding, otx, pattern-38, ransomware] ---

The Gap Nobody's Filling

Here's a dirty secret about threat intelligence: the big players are drowning in legacy malware signatures while fresh threats slip through GitHub every hour.

AlienVault has 566,000 indicators. Impressive. But scroll through - you'll find Berbew (a 2018 banking trojan), Skype worms from 2015, and 24,000+ generic "trojan" entries that help exactly nobody.

• `Thrbvbb` - Crypto wallet drainers

• `Aestrpljabt` - Fake balance tools

• `HangTheDrt` - Electrum phishing kits

By 6 PM Central, we'd published IOCs. By tomorrow, they'll probably be suspended. That's the gap.

What We Actually Do

DugganUSA LLC is a Minnesota-based threat intelligence operation. Two guys, a Claude Code subscription, and an unhealthy obsession with GitHub malware.

Our Niche: Pattern 38 Supply Chain Attacks

• Fake software cracks ("Adobe-Premiere-2025-Crack")

• Open source project issue comments with malicious ZIPs

• Bot farms (800+ repos, mechanical timing)

• Follower networks that amplify malware reach

We call it Pattern 38. We've documented 40+ variations.

The Numbers (5 Days In)

| Metric | Count | |--------|-------| | OTX Pulses | 51 | | Indicators Published | 5,186 | | Subscribers | 14 | | GitHub Accounts Reported | 47 | | Accounts Subsequently Suspended | 12 | | Ransomware Families Covered | 11 | | Time to IOC Publication | <4 hours |

Our Unique Methodology

1. Pattern 42 "Reblessing" - We follow threat actor social graphs. One RAT author leads to their followers, who lead to their tools, which lead to C2 infrastructure.

2. Same-Day Detection - Account created at 5 PM? We've got a pulse by 9 PM.

3. CISA-Sourced Ransomware Intel - LockBit, BlackCat, Rhysida, Cl0p - all with official advisory references.

4. Judge Dredd Disclosure - We post warnings directly on malicious repos. "I AM THE LAW."

Why This Matters

Every crypto drainer we catch saves someone's retirement. Every RAT builder we report prevents a hospital from getting pwned. Every C2 IP we publish helps a SOC analyst sleep better.

• 4 malware droppers suspended (FireSuper, rampubg14-cmyk, anuxagfr, winchmrsmilegodsgf)

• 1 C2 IP blocked (149.102.156.62 - Contabo/Rhadamanthys)

• 16 GitHub repos warned with evidence

The Business Model

Free threat intel builds reputation. Reputation builds subscribers. Subscribers become customers.

• Real-time GitHub malware alerts (API)

• Custom threat hunting for your supply chain

• Incident response with Pattern 38 expertise

• STIX feed integration for enterprise SIEMs

We're Looking for Seed Funding

Here's the honest pitch:

• Proven methodology (51 pulses in 5 days)

• Growing OTX subscriber base (14 and climbing)

• Automated detection pipeline (GitHub Actions, daily scans)

• Domain expertise (Pattern 38-42 taxonomy)

• Zero overhead (Minnesota garage operation)

• $150K seed to go full-time

• ThreatFox API access ($$$)

• VirusTotal Enterprise ($$$)

• One more analyst

• Equity in the only company doing systematic GitHub supply chain threat intel

• First-mover advantage in an underserved market

• Two founders who ship faster than your last three acquisitions

Contact

Patrick Duggan DugganUSA LLC [email protected] Minnesota, USA

• OTX: [pduggusa](https://otx.alienvault.com/user/pduggusa)

• STIX Feed: analytics.dugganusa.com/api/v1/stix-feed

• Blog: www.dugganusa.com

*"Feed subscribers get IOCs first. Bad actors get public shaming second. Investors get returns third."*

*- The DugganUSA Way*

Get Free IOCs

Subscribe to our threat intelligence feeds for free, machine-readable IOCs:

AlienVault OTX: https://otx.alienvault.com/user/pduggusa

STIX 2.1 Feed: https://analytics.dugganusa.com/api/v1/stix-feed

Questions? [email protected]