Threat Group Assessment: Muddled Libra

    Date: 05/20/2025

    Severity: High

    Summary

    Muddled Libra's operations continued to evolve throughout 2024. As members rotate in and out, the group's capabilities and tactics adapt with them. Its toolkit now spans social engineering of end users and helpdesk staff, conventional phishing, insider access obtained through business process outsourcers (BPOs), and partnerships with ransomware operators for extortion. Sitting at the intersection of skilled social engineering and rapid technical adaptation, Muddled Libra is a serious threat even to organizations with mature security programs.

    Indicators of Compromise (IOC) List

    IP Address : 

    104.247.82.11

    105.101.56.49

    105.158.12.236

    134.209.48.68

    137.220.61.53

    138.68.27.0

    146.190.44.66

    149.28.125.96

    157.245.4.113

    159.223.208.47

    159.223.238.0

    162.19.135.215

    164.92.234.104

    165.22.201.77

    167.99.221.10

    172.96.11.245

    185.56.80.28

    188.166.92.55

    193.149.129.177

    207.148.0.54

    213.226.123.104

    35.175.153.217

    45.156.85.140

    45.32.221.250

    64.227.30.114

    79.137.196.160

    92.99.114.231

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    IP Address : 

    dstipaddress IN ("146.190.44.66","172.96.11.245","137.220.61.53","188.166.92.55","159.223.208.47","35.175.153.217","45.156.85.140","45.32.221.250","193.149.129.177","159.223.238.0","138.68.27.0","104.247.82.11","185.56.80.28","149.28.125.96","92.99.114.231","164.92.234.104","162.19.135.215","105.158.12.236","105.101.56.49","64.227.30.114","134.209.48.68","157.245.4.113","165.22.201.77","167.99.221.10","207.148.0.54","213.226.123.104","79.137.196.160") or srcipaddress IN ("146.190.44.66","172.96.11.245","137.220.61.53","188.166.92.55","159.223.208.47","35.175.153.217","45.156.85.140","45.32.221.250","193.149.129.177","159.223.238.0","138.68.27.0","104.247.82.11","185.56.80.28","149.28.125.96","92.99.114.231","164.92.234.104","162.19.135.215","105.158.12.236","105.101.56.49","64.227.30.114","134.209.48.68","157.245.4.113","165.22.201.77","167.99.221.10","207.148.0.54","213.226.123.104","79.137.196.160")
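    The following is an added example, not Gurucul's TDIR query nor Unit 42's code: it sweeps newline-delimited JSON log records for the 27 addresses in the IOC list above, checking both endpoints as the query does, and adds a date cutoff so that stale hits from before the campaign window are ignored. The field names srcipaddress and dstipaddress mirror the query; the ts and user fields, the log format and the sample records are assumptions constructed for the example.

```python
"""Offline IOC sweep for the Muddled Libra IP list on this page.

Added example (not Gurucul's or Unit 42's code). Assumes NDJSON records with
srcipaddress / dstipaddress (as in the TDIR query), plus ts and user fields,
which are assumptions for this example.
"""
import ipaddress
import json
from datetime import datetime, timezone

# The 27 addresses from the IOC list above, parsed once so a malformed entry
# fails loudly at import time instead of silently never matching.
MUDDLED_LIBRA_IPS = frozenset(
    ipaddress.ip_address(ip)
    for ip in (
        "104.247.82.11", "105.101.56.49", "105.158.12.236", "134.209.48.68",
        "137.220.61.53", "138.68.27.0", "146.190.44.66", "149.28.125.96",
        "157.245.4.113", "159.223.208.47", "159.223.238.0", "162.19.135.215",
        "164.92.234.104", "165.22.201.77", "167.99.221.10", "172.96.11.245",
        "185.56.80.28", "188.166.92.55", "193.149.129.177", "207.148.0.54",
        "213.226.123.104", "35.175.153.217", "45.156.85.140", "45.32.221.250",
        "64.227.30.114", "79.137.196.160", "92.99.114.231",
    )
)


def _parse_ip(value):
    """Return an address object, or None for missing, non-string or malformed values."""
    if not isinstance(value, str):
        return None
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _parse_ts(value):
    """Parse an ISO 8601 timestamp (or pass a datetime through); naive values are taken as UTC."""
    if value is None:
        return None
    if isinstance(value, datetime):
        when = value
    else:
        try:
            when = datetime.fromisoformat(value)
        except (TypeError, ValueError):
            return None
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when


def match_iocs(lines, iocs=MUDDLED_LIBRA_IPS, not_before=None):
    """Return one hit per (record, direction) whose endpoint is in the IOC set.

    Records with a ts older than not_before (ISO string or datetime) are skipped,
    so infrastructure that was reassigned before the campaign window does not page anyone.
    """
    cutoff = _parse_ts(not_before)
    hits = []
    for lineno, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # non-JSON lines (headers, partial writes) are ignored
        if not isinstance(rec, dict):
            continue
        when = _parse_ts(rec.get("ts"))
        if cutoff is not None and when is not None and when < cutoff:
            continue
        for field in ("srcipaddress", "dstipaddress"):
            ip = _parse_ip(rec.get(field))
            if ip is not None and ip in iocs:
                hits.append({"line": lineno, "ts": rec.get("ts"), "field": field,
                             "ip": str(ip), "user": rec.get("user")})
    return hits


# Constructed sample records for the example; not real telemetry.
SAMPLE_LOG = [
    '{"ts":"2025-05-19T10:02:11+00:00","srcipaddress":"10.20.30.40","dstipaddress":"146.190.44.66","user":"jdoe"}',
    '{"ts":"2025-05-19T10:02:12+00:00","srcipaddress":"159.223.238.0","dstipaddress":"10.0.0.5","user":"svc-vpn"}',
    '{"ts":"2024-01-03T08:00:00+00:00","srcipaddress":"45.32.221.250","dstipaddress":"10.0.0.7","user":"old"}',
    '{"ts":"2025-05-19T10:03:00+00:00","srcipaddress":"10.1.1.1","dstipaddress":"8.8.8.8","user":"benign"}',
    'not json at all',
    '{"ts":"2025-05-19T10:04:00+00:00","srcipaddress":"  64.227.30.114 ","dstipaddress":null,"user":"padded"}',
]

if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_LOG, not_before="2025-01-01T00:00:00+00:00"):
        print(hit)
```

    Run as a script it prints the three in-window hits and drops the 2024 record. The cutoff matters in practice: several of these addresses sit in ranges rented from commercial VPS providers and are reassigned over time, so a match is a lead to be investigated against the campaign window and the surrounding activity (helpdesk resets, MFA enrolments, VPN logons), not a confirmed compromise on its own.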

    Reference:

    https://unit42.paloaltonetworks.com/muddled-libra/


    Tags

    Malware, Muddled Libra, Ransomware, Phishing, Extortion, Social Engineering
