Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware (talosintelligence.com)
24 points by DerekBickerton on Sept 24, 2023 | hide | past | favorite | 4 comments


Interesting malware. It's probably a good idea to locally block their IoC domains [1] in the local DNS resolver. Probably won't help people using public DoH servers though.

[1] - https://github.com/Cisco-Talos/IOCs/tree/main/2023/05


I searched for a few domains and they indeed have been picked up by multiple feeds: https://archive.vn/e8GNj

Cloudflare's 1.1.1.2 is also blocking those domains.


> block their IoC domains

And IoC raw IPs. Although that could break the web as IPv4 addresses change hands all the time, so you could overblock.


Good point. One could minimize risk by looking up what AS# each of those is under [1][2] to get an idea if one is blocking a CDN, at least I suppose. Time consuming but can be done.

[1] - https://bgp.tools/

[2] - https://bgp.he.net/
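The two defensive steps discussed in this thread (turning a feed's domain indicators into local resolver blocks, and triaging raw IP indicators by AS before blocking them so shared CDN or hosting ranges get reviewed rather than blackholed) are shown together below. This is an added example written for this page, not code from any commenter or from Cisco Talos. The IoC entries are constructed placeholders (documentation TLD, TEST-NET addresses, documentation ASNs from RFC 5398), not indicators from the linked repository, and the ASN table stands in for a real lookup such as a bgp.tools or bgp.he.net query that the reader would plug in.

```python
import ipaddress
import re
from typing import Callable, Dict, List, Set, Tuple

# Constructed sample feed in the mixed domain/IP style of an IoC text file.
# Every value here is a placeholder made up for this example; none is a real
# indicator from the Talos repository.
SAMPLE_IOCS = """
# comment line
example-c2-one.invalid
Example-C2-Two.invalid.
192.0.2.10
198.51.100.7
not a valid entry!
"""

# Conservative hostname check: labels of 1-63 chars, total length <= 253,
# alphabetic TLD. Anything failing this is reported rather than silently used.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)

# Constructed ASN table (RFC 5398 documentation ASNs). Replace with a real
# lookup callable; the signature is ip -> (asn, organisation).
CONSTRUCTED_ASN_TABLE = {
    "192.0.2.10": (64500, "Example Hosting (constructed)"),
    "198.51.100.7": (64501, "Example CDN (constructed)"),
}


def constructed_asn_lookup(ip: str) -> Tuple[int, str]:
    """Stand-in for a BGP/whois lookup; hypothetical data only."""
    return CONSTRUCTED_ASN_TABLE.get(ip, (None, "unknown"))


def parse_iocs(text: str) -> Tuple[List[str], List[str], List[str]]:
    """Split a feed into (domains, ips, rejected).

    Comments and blank lines are skipped, hostnames are lower-cased with any
    trailing dot removed, IPs are normalised via ipaddress, and entries that
    are neither a valid IP nor a valid hostname are collected for review.
    """
    domains: Set[str] = set()
    ips: Set[str] = set()
    rejected: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            ips.add(str(ipaddress.ip_address(line)))
            continue
        except ValueError:
            pass
        name = line.lower().rstrip(".")
        if HOSTNAME_RE.match(name):
            domains.add(name)
        else:
            rejected.append(line)
    return sorted(domains), sorted(ips), rejected


def unbound_local_zones(domains: List[str]) -> List[str]:
    """Render unbound.conf local-zone lines.

    always_nxdomain makes the zone and everything beneath it return NXDOMAIN,
    so subdomains of an indicator are covered without listing each one.
    """
    return [f'local-zone: "{d}." always_nxdomain' for d in domains]


def triage_ips(
    ips: List[str],
    asn_lookup: Callable[[str], Tuple[int, str]],
    shared_asns: Set[int],
) -> Dict[str, List[Tuple[str, int, str]]]:
    """Sort IP indicators into 'block' and 'review' buckets by origin AS.

    IPs announced by an AS the operator has marked as shared infrastructure
    (CDNs, large hosters) are queued for manual review instead of being
    blocked outright, which is the overblocking concern raised in the thread.
    """
    decision: Dict[str, List[Tuple[str, int, str]]] = {"block": [], "review": []}
    for ip in ips:
        asn, org = asn_lookup(ip)
        bucket = "review" if asn in shared_asns else "block"
        decision[bucket].append((ip, asn, org))
    return decision


if __name__ == "__main__":
    domains, ips, rejected = parse_iocs(SAMPLE_IOCS)
    print("\n".join(unbound_local_zones(domains)))
    # 64501 is the constructed "CDN" ASN we do not want to blackhole blindly.
    for bucket, rows in triage_ips(ips, constructed_asn_lookup, {64501}).items():
        for ip, asn, org in rows:
            print(f"{bucket:6} {ip:15} AS{asn} {org}")
    for bad in rejected:
        print(f"rejected: {bad!r}")
```

The generated local-zone lines go into the unbound configuration of the local resolver; as the first comment notes, clients that bypass that resolver with public DoH will not be covered. The shared-AS set is operator policy, not something the script can infer, which is why the AS lookup is injected rather than hard-coded.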

