DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

We Made an Album About Catching Malware Networks

Patrick Duggan
Dec 19, 2025
3 min read

--- title: "Threat Intel Has a Soundtrack Now: AI-Generated Punk Rock for Security Research" slug: threat-intel-has-a-soundtrack-now date: 2025-12-19 author: Patrick Duggan tags: [threat-intelligence, suno, ai-music, punk-rock, creative-process] category: Personal Updates featured: false story_density_target: 120.9 ---

December 19, 2025 - Somewhere between mapping GitHub threat actor networks and filing reports to [email protected], I started writing punk songs about it.

Not metaphorically. Actual songs. With Suno AI.

Here's the catalog so far.

The Process

It started with Amyl and the Sniffers and Lambrini Girls playing in the background while I was doing OSINT. Raw garage punk energy while cross-referencing stargazers on malware repos.

Then Claude (yes, the AI writing this) suggested: "That Lambrini Girls chaos + Amyl's raw power is a perfect match for 'we caught your malware network and we're publishing it for free' energy."

So we wrote lyrics. About chennqqi. About phantom-stealer. About the hydra factory.

The workflow:

1. Do the threat intel work 2. Find something worth documenting 3. Write the blog post 4. Write lyrics about the same investigation 5. Generate with Suno using genre-specific prompts 6. Embed in the blog post

Threat intel with a soundtrack.

The Catalog

Hydra Factory

*"Cut one head off two more spawn / Phantom stealer keeps going on"*

Chaotic UK punk about the GitHub Discord stealer network we mapped on December 19th. The song covers chennqqi (the nexus account with 1,726 repos), LimerBoy's Soviet-Thief, and the "follow the followers" methodology.

Related post: We Found the GitHub Hydra Factory

FOLLOW THE FOLLOWER

*"Fifteen stars on a stealer repo / Follow the followers where do they go"*

The methodology song. How we cross-reference GitHub stargazers to find threat actor networks. One account starred both the Discord token stealer AND the AV bypass tool - that's how you find the nexus.

Freudian Fork Farms

About Pattern 38 - the GitHub follow-farm networks we've been documenting since November. Aged accounts, fork-and-deploy patterns, supply chain attack infrastructure.

Nine Hundred Thousand Lies

For the scammers. The crypto fraudsters. The residential proxy networks hiding behind "legitimate" traffic. 59,000+ IOCs and counting.

Russian New Style

When the auto-blocker catches another Russian C2 at 3am and you're still awake because threat intel doesn't sleep.

Rhyme of the Anusfragger

The origin story. Before we had 244 unique discoveries. Before the STIX feed. When it was just one guy with a honeypot and too much coffee.

Why This Exists

Security research is usually presented as sterile. Serious. Professional.

But threat intelligence is actually chaotic. It's 11:45 PM realizing that a `.top` domain is hosting Discord phishing. It's following stargazers down a rabbit hole and finding the same account in two investigations. It's writing curl commands in a blog post so anyone can verify your claims.

That energy deserves a soundtrack.

CrowdStrike doesn't have punk songs about catching threat actors.

We do now.

The Tech Stack

• Suno AI - Music generation from text prompts

• Claude - Lyrics and prompt engineering

• Amyl and the Sniffers / Lambrini Girls - Vibe reference

• wix-publish.js - Auto-embeds via `{{suno:UUID}}` syntax

• DugganUSA threat intel platform - The investigations that inspire the songs

Full Catalog

Listen to everything: suno.com/@hacksawduggan

8 tracks. 45 plays. All threat intel themed.

*This is what happens when you let the AI help with creative direction. We're not sorry.*

*All IOCs mentioned in these songs are real and queryable at analytics.dugganusa.com*

Get Free IOCs

Subscribe to our threat intelligence feeds for free, machine-readable IOCs:

AlienVault OTX: https://otx.alienvault.com/user/pduggusa

STIX 2.1 Feed: https://analytics.dugganusa.com/api/v1/stix-feed

Questions? [email protected]