RE: https://infosec.exchange/@VirusBulletin/116294907171305521
EtherHiding is an established but lesser-known method of providing C2 information to malware. Most businesses do not need to allow access to the blockchain-related API / RPC endpoints used by this technique. I highly recommend you block them.