
New Mozart Malware Gets Commands, Hides Traffic Using DNS - throw0101a
https://www.bleepingcomputer.com/news/security/new-mozart-malware-gets-commands-hides-traffic-using-dns/
======
throw0101a
This came out at the same time that Firefox started enabling DoH. Luckily the
malware didn't use DoH so it was able to be analyzed.

DoT of course is encrypted, but can be better monitored / filtered because it
has its own port.

