IOC pivot
ioc · name
go-http-client
IR · Iran
APT33
confidence · high
User-agent string Microsoft observed in the Feb-Jul 2023 Peach Sandstorm password-spray wave against thousands of organizations in satellite, defense and pharmaceutical sectors. Sprays were routed through TOR exit nodes; Microsoft attributes the activity to overlaps with APT33 / Elfin / Refined Kitten.
- first seen: Jan 31, 2023
- publisher: Microsoft