2021-03-24 Trickbot IOCs

1. THREAT IDENTIFICATION: TRICKBOT
2.  
3. TRICKBOT GTAG
4. gtag: rob36
5.  
6. SUBJECTS OBSERVED
7. Auto ID Card Ready to Print #35873856
8.  
9. SENDERS OBSERVED
10. THOMAS THOMAS <wisecrack@miltonbayer.net>
11.  
12. MALDOC FILE HASHES
13. Id_Card-32213.xlsm
14. 269aab297d58b5e9d137c6cb2028cd49
15.  
16. TRICKBOT PAYLOAD URLS
17. http://truemerit.io/databases/merit.php
18.  
19. http://192.3.247.103/images/redbutton.png
20. http://192.3.247.103/images/cutscroll.png
21.  
22. TRICKBOT PAYLOAD FILE HASHES
23. i1zTJfH.sitecounter
24. 2ae20b49ac0c8f59eaca5e08a319892c
25.  
26. TRICKBOT C2
27. https://103.102.220.50
28. https://115.241.244.185
29. https://174.105.236.140
30. https://177.84.63.252
31. https://185.119.120.213
32. https://189.195.96.238
33. https://190.89.3.117
34. https://36.95.27.243
35. https://5.202.120.150
36. https://83.220.115.230
37.  
38.