TrickBot’s Anchor variant, first seen on VirusTotal in July 2018, is targeting high-value victims for financial reasons. It communicates with the command and control (C2) server over DNS and according to an analysis from NTT security company it targets organizations in the financial sector. TrickBot is open to any threat actor willing to pay the price for using its tools, infrastructure, and big data carefully processed to allow selection of high-profile targets. The same domain was seen in an attack against the Chilean Redbanc in December 2018.
Source: https://www.bleepingcomputer.com/news/security/lazarus-hackers-use-trickbot-to-infect-high-end-victims/