Threat Hunting 11 Aug 2023 Table of Contents Remote Access Trojans (RATs) Remote Monitoring and Management (RMM) User Agents SystemBC Misc Remote Access Trojans (RATs) AsyncRAT AsyncRAT, Part 2 Quasar Rat Remote Monitoring and Management (RMM) action1 DWservice Remote Monitoring & Management (RMM) Splashtop User Agents User-Agent analysis User-Agents, Part 2 User-Agents, Part 3 SystemBC PowerShell version of SystemBC Misc NamedPipes DHCP Logs Hunting for hostname outliers Hidden User Account Non-Sucking Service Manager Renamed Binares NSudo