Blog Post

The Human Connection Blog
1 MIN READ

New CTI Labs: Threat Actor - Peach Sandstorm and Tickler Malware

BenMcCarthy's avatar
BenMcCarthy
Icon for Immerser rankImmerser
9 months ago

Today we have released two brand new labs related to the Threat Actor Peach Sandstorm and the newly discovered Tickler Malware!

Peach Sandstorm is a suspected Iranian state-sponsored threat actor that primarily targets organizations in the satellite, communications equipment, oil and gas, and federal and state government sectors in the United States and the United Arab Emirates.

Why have we created this content?
Microsoft recently reported on this threat actor evolving its tradecraft and using a new multi-stage backdoor called Tickler. This threat actor also uses password-spraying to obtain credentials to Azure services to persist and repurpose them into command and control infrastructure. Targets of interest involve the United States, Western Europe, and the United Arab Emirates.

What are we publishing?
All customers on a CyberPro License have immediate access to these new labs.

Who is this content for?
These labs are focused on upskilling and increasing the defensive capabilities of the following roles:

  • SOC Analysts
  • Incident Responders
  • Cyber Threat Intelligence Analysts
  • Threat Hunters
  • Malware Analysts
Updated 9 months ago
Version 2.0
content updates
cyber pro
cyber threat intelligence
BenMcCarthy's avatar
Icon for Immerser rankImmerser
Lead Cyber Security Engineer. I lead the team that releases the content for the CTI part of the platform! Latest CVEs, malware threats and emerging threats all within 24 hours.
View Profile
The Human Connection Blog
Learn from our passionate experts on a wide range of subjects from Cyber Threat Research to maximizing value with Immersive, plus, hear from our outstanding customers who are keen to share their experiences.