In the today's presentation "How to try to catch the hackers?", slide 13, a question was asked: what are the security companies doing by sending UDP probes?
I worked at Qrator Labs before, and I know the team behind this probing. If you want to know more, there's an article on the website: https://radar.qrator.net/learn/2?article=23
I don't know what Palo Alto is doing, but maybe similar things?