Tuesday, 3 October 2017

Adhoc TrickBot Analysis - to 1000062

Following on from my initial adhoc analysis, the following graph shows the number of server entries using ports 443 and 449 across 43 versions of the TrickBot Banking Trojan, up to 1000062.

In addition, the following table shows the breakdown of detected TrickBot campaign 'gtag' (group tags) values used in the 83 mcconfs analysed. (Note: I've analysed multiple mcconfs with the same version number, and in each case the server list is the same for a particular version.)

The following table shows the IP usage across the 43 TrickBot versions.

Lastly, the following table shows the top 25 servers used within the 43 versions.
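The tallies described above (server entries per port for each version, gtag counts per mcconf, and the most widely reused servers) can be reproduced from a set of mcconfs as follows; this is an added example, not the author's tooling. It assumes the commonly seen mcconf XML layout (`<ver>`, `<gtag>`, `<srv>ip:port</srv>`), which the post does not show, and ranks servers by the number of versions that list them. The sample configs, versions, gtags and documentation-range IPs are constructed.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Constructed sample mcconfs: documentation-range IPs, made-up versions and gtags.
SAMPLES = [
    "<mcconf><ver>1000001</ver><gtag>tagA</gtag><servs>"
    "<srv>192.0.2.10:443</srv><srv>192.0.2.11:443</srv><srv>198.51.100.7:449</srv>"
    "</servs></mcconf>",
    # Same version seen again under a different gtag, with the same server list.
    "<mcconf><ver>1000001</ver><gtag>tagB</gtag><servs>"
    "<srv>192.0.2.10:443</srv><srv>192.0.2.11:443</srv><srv>198.51.100.7:449</srv>"
    "</servs></mcconf>",
    "<mcconf><ver>1000002</ver><gtag>tagA</gtag><servs>"
    "<srv>192.0.2.10:443</srv><srv>203.0.113.5:449</srv><srv>203.0.113.6:449</srv>"
    "<srv>not-an-endpoint</srv></servs></mcconf>",
]

SRV_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")

def parse_mcconf(xml_text):
    """Return (version, gtag, [(ip, port), ...]); malformed srv entries are skipped."""
    root = ET.fromstring(xml_text)
    servers = []
    for srv in root.iter("srv"):
        m = SRV_RE.match((srv.text or "").strip())
        if m:
            servers.append((m.group(1), int(m.group(2))))
    return root.findtext("ver", "").strip(), root.findtext("gtag", "").strip(), servers

def summarise(mcconfs, top_n=25):
    gtags = Counter()            # counted once per mcconf analysed
    servers_by_version = {}      # one server list kept per version number
    for text in mcconfs:
        ver, gtag, servers = parse_mcconf(text)
        gtags[gtag] += 1
        servers_by_version.setdefault(ver, servers)
    ports = {v: Counter(p for _, p in s) for v, s in servers_by_version.items()}
    ip_versions = defaultdict(set)
    for ver, servers in servers_by_version.items():
        for ip, _ in servers:
            ip_versions[ip].add(ver)
    top = Counter({ip: len(v) for ip, v in ip_versions.items()}).most_common(top_n)
    return ports, gtags, top

if __name__ == "__main__":
    ports, gtags, top = summarise(SAMPLES)
    print({v: dict(c) for v, c in ports.items()}, dict(gtags), top)
```
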

Thanks to @VK_Intel, @mpvillafranca94, @ArnaudDlms, and @James_inthe_box for providing the configurations.