Analysis Notes

A place for notes on my attempts at malware analysis and on things I thought might be useful for analysis. This site uses Google Analytics.

4n6 Week 52 – 2022 - THREAT INTELLIGENCE/HUNTING

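This entry was automatically generated and posted to show the opening of each article featured in This Week in 4n6 (FourAndSix=Forensics), so that you can skim for articles worth checking. Week 52 – 2022 is available here. Donations via "Buy me a coffee" are appreciated.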

THREAT INTELLIGENCE/HUNTING

Adrian at ‘Agood cloud’

  • Doing More With Attack Navigator
  • Doing More With Attack Navigator By Adrian | December 17, 2022 MITRE ATT&CK. It's the bread and butter for Security Operations Centres. But how are you tracking what you can detect? Does your SIEM have a built in tool? Perhaps you have straight up copied the matrix into Excel? or keeping score in a...
  • Using Mitre Attack Navigator Locally
  • Using Mitre Attack Navigator Locally By Adrian | December 23, 2022 In my last post about the MITRE attack Navigator I covered how you can create multiple layers and then aggregate them together which is all well and good until you realise, that if you wanted to see that level of detail each time you ac...

Anastasios Pingios

  • OSINT: A Summary of SIDEWINDER Operations in 2022

OSINT: A Summary of SIDEWINDER Operations in 2022 SIDEWINDER (also known as RAZOR TIGER, RATTLESNAKE, T-APT-04, HARDCORE NATIONALIST, and APT-C-17) is a cyber espionage actor who has been active at least since 2012. I had a look at all the publicly known 2022 operations (that I could find) attributed to this actor to derive some insights and here’s the outcome. The main outcome we can derive is that SIDEWINDER is focusing mainly on Pakistani military targets (particularly the N...

James Liolios at Arctic Wolf

  • New Microsoft Exchange Exploit Chain via “OWASSRF” Leads to RCE

Atomic Matryoshka

  • Mimikatz 101

If you're new to the infosec/offsec space, the name "Mimikatz" may be foreign or quite vaguely familiar; however, for the folks that have been around for a bit longer, this Swiss army knife of credential collection should be no stranger. Read on to learn a bit more about the story behind this tool and what it's capable of. Curiosity killed the (closed-source version of) the cat: Mimikatz was developed and released in 2007 (as closed source, 2012 as open source) by Benjamin Delpy, a French programme...

Francis Guibernau and Ken Towne at AttackIQ

  • Attack Graph Response to APT36 Targeted Attacks Against Indian Governmental Organizations

  • Emulating the Politically Motivated North Korean Adversary Andariel

Brad Duncan at Malware Traffic Analysis

  • 2022-12-21 – Files for an ISC diary (malicious Google ads)

2022-12-21 (WEDNESDAY) - FILES FOR AN ISC DIARY (MALICIOUS GOOGLE ADS) NOTES: The ISC diary is for Friday 2022-12-23: Google ad traffic leads to stealer packages based on free software. Zip files and .saz archives are password-protected. If you don't know the password, see the "about" page of this website. ASSOCIATED FILES: 2022-12-21_first_run_traffic.pcap.zip 4.2 MB (4,247,806 bytes) 2022-12-21_first_run_ChromeCacheView_and_info.zip 1.2 MB (1,157,401 bytes) 2022-12-21_first_run_malware_and_art...

  • 2022-12-20 – IcedID (Bokbot) infection with Cobalt Strike

2022-12-20 (TUESDAY) - ICEDID (BOKBOT) INFECTION WITH COBALT STRIKE REFERENCE: //twitter.com/Unit42_Intel/status/1606013040599699476 NOTES: Zip files are password-protected. If you don't know the password, see the "about" page of this website. ASSOCIATED FILES: 2022-12-20-IOCs-for-IcedID-infection-with-Cobalt-Strike.txt.zip 1.7 kB (1,671 bytes) 2022-12-20-IcedID-infection-with-Cobalt-Strike.pcap.zip 4.5 MB (4,498,485 bytes) 2022-12-20-IcedID-and-Cobalt-Strike-malware-and-artifacts.zip 5.1 MB (5,...

CERT-AGID

  • Summary of malicious campaigns in the week of 10 – 16 December 2022

Summary of malicious campaigns in the week of 10 – 16 December 2022 18/12/2022 summary This week, CERT-AgID identified and analyzed, within the Italian landscape it covers, a total of 24 malicious campaigns, of which 20 had Italian targets and 4 were generic campaigns that nonetheless affected Italy, and made the 177 related indicators of compromise (IOCs) it identified available to its accredited entities. Below we report the details of the types...

  • Summary of malicious campaigns in the week of 17 – 23 December 2022

Summary of malicious campaigns in the week of 17 – 23 December 2022 23/12/2022 summary This week, CERT-AgID identified and analyzed, within the Italian landscape it covers, a total of 24 malicious campaigns, of which 22 had Italian targets and 2 were generic campaigns that nonetheless affected Italy, and made the 116 related indicators of compromise (IOCs) it identified available to its accredited entities. Below we report the details of the types...

Check Point Research

  • 19th December – Threat Intelligence Report

Vanja Svajcer at Cisco’s Talos

  • Threat Spotlight: XLLing in Excel – threat actors using malicious add-ins

Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins By Vanja Svajcer Tuesday, December 20, 2022 08:12 Threat Spotlight Threats SecureX Microsoft is phasing out support for executing VBA macros in downloaded Office documents. Cisco Talos investigates another vector for introduction of malicious code to Microsoft Excel—malicious add-ins, specifically XLL files. Although XLL files were supported since early versions of Excel, including Excel 97, malicious actors started using it...

Cofense

Cyberknow

  • Update 21. 2022 Russia-Ukraine War — Cyber Group Tracker. December 19

Update 21. 2022 Russia-Ukraine War — Cyber Group Tracker. December 19 All groups tracked since February 2022: As we approach the end of the year I felt it would be worth providing an overview of all the groups I have tracked that have been engaged in some capacity in the Russia-Ukraine war in cyberspace. You may have noticed I refuse to use the term ‘cyber-war’ as I do not think this is what we are seeing, instead we are seeing supportive operations in cyberspace which as a subset of information war...

DCSO CyTec

  • APT41 — The spy who failed to encrypt me

DCSO CyTec Blog, Dec 24. APT41 — The spy who failed to encrypt me. This blog post is based on our recent investigation into one of APT41’s operations against an unnamed German company from the financial sector. The company contacted us in March 2022 after discovering a ransom note (as presented below) on several of its servers. The threat actor tried to encrypt multiple workstations in the client’s environment which was thwarted by Microsoft Defender for Endpoint (MDE). As part of th...

DeTTECT

  • v1.8.0

v1.8.0 rubinatorz released this 21 Dec 18:54. DeTT&CT now supports ATT&CK Campaigns. It's included within the Group mode of the DeTT&CT CLI that allows you to make heat maps and overlays for both groups and campaigns. Because of this, we changed ...

Gameel Ali

How to write Yara rule for Nokoyawa ransomware. In the first, we will work with 3 files that were shared by Zscaler. Introduction: Nokoyawa is a ransomware family that targets 64-bit Windows systems. It was first identified in February 2022 and is known for its use of double extortion tactics, which involve exfiltrating sensitive data from targeted organizations before encrypting files and demanding a ransom payment. The initial version of Nokoyawa was written in C programming...

Artem Grischenko at Group-IB

  • Godfather: A banking Trojan that is impossible to refuse

Haircutfish

  • TryHackMe Snort — Task 4 First Interaction with Snort, Task 5 Operation Mode 1: Sniffer Mode, &…

TryHackMe Snort — Task 4 First Interaction with Snort, Task 5 Operation Mode 1: Sniffer Mode, & Task 6 Operation Mode 2: Packet Logger Mode. If you haven’t done task 1, 2, & 3 yet, here is the link to my write-up of it: Task 1 Introduction, Task 2 Interactive Material and VM, & Task 3 Introduction to IDS/IPS. Getting the VM Started: If you don’t have the VM started or running, head back to task 2. Once there click on the green button labeled Start Machine, in the top right of the task. The screen should...

  • TryHackMe Snort — Task 7 Operation Mode 3: IDS/IPS & Task 8 Operation Mode 4: PCAP Investigation

TryHackMe Snort — Task 7 Operation Mode 3: IDS/IPS & Task 8 Operation Mode 4: PCAP Investigation. If you haven’t done task 4, 5, & 6 yet, here is the link to my write-up of it: Task 4 First Interaction with Snort, Task 5 Operation Mode 1: Sniffer Mode, & Task 6 Operation Mode 2: Packet Logger Mode. Getting the VM Started: If you don’t have the VM started or running, head back to task 2. Once there click on the green button labeled Start Machine, in the top right of the task. The screen should split in hal...

  • TryHackMe Snort — Task 9 Snort Rule Structure, Task 10 Snort2 Operation Logic: Points to Remember…

TryHackMe Snort — Task 9 Snort Rule Structure, Task 10 Snort2 Operation Logic: Points to Remember, & Task 11 Conclusion. If you haven’t done task 7 & 8 yet, here is the link to my write-up of it: Task 7 Operation Mode 3: IDS/IPS & Task 8 Operation Mode 4: PCAP Investigation. Getting the VM Started: If you don’t have the VM started or running, head back to task 2. Once there click on the green button labeled Start Machine, in the top right of the task. The screen should split in half, if not scroll to the ...

This is from the Udemy course on learning PowerShell, what is ahead is a student assignment. Here is the link to said course: Introduction to Windows PowerShell 5.1. I highly recommend it for anyone that wants to learn PowerShell!! So after this section in the course, the students have a PDF they can download with questions to answer. This is my answer to said questions, or how I got to the answers. 1. Update PowerShell Help: This one is a simple command of Update-Help. But if you get an error, you c...

  • TryHackMe Snort Challenge — The Basics — Task 1 Introduction, Task 2 Writing IDS Rules (HTTP), &…

TryHackMe Snort Challenge — The Basics — Task 1 Introduction, Task 2 Writing IDS Rules (HTTP), & Task 3 Writing IDS Rules (FTP). Put your snort skills into practice and write snort rules to analyze live capture network traffic. Task 1 Introduction: The room invites you to a challenge to investigate a series of traffic data and stop malicious activity under two different scenarios. Let’s start working with Snort to analyze live and captured traffic. We recommend completing the Snort room first, which will...

Patrick Schläpfer at HP Wolf Security

  • Chinese Phishing Campaign Abuses QR Codes to Steal Credit Card Details

Josh Allman at Huntress

  • Using Shodan Images to Hunt Down Ransomware Groups

In a couple of blog posts, we’ll discuss how we leverage Shodan.io to solve some security problems. In this blog, we’re going to focus on how Shodan helps us unveil some of the infrastructure that supports ransomware actors. For those of you who just got to the party and don’t happen to watch Mr. Robot, Shodan is a banner-grabbing search engine that “gathers information about all devices directly connected to the internet. If a device is directly hooked up to the internet then Shod...

InfoSec Write-ups

  • Pythonic Malware Part-3: In-Memory Execution and Modern Evasion

Forget compiling payloads and operating on disk — this post demonstrates the use of Python’s portable interpreter for in-memory malware deployment, even when the language isn't installed on the host. Why Python? Python is a well known language with an infinite number of legitimate uses inside an organization. Through the use of Python’s portable, or embedded, package we can download a single .zip file and gain access to the python.exe interpreter without any install...

In this article, we will try to perform a detailed technical analysis of cuba ransomware and understand the tactics, techniques, procedures of cuba ransomware attack along with its indicators of compromise (IOCs). About “Know Your Adversary” Series: Welcome to my “Know Your Adversary” blog series, where I will be explaining about various cyber threats that organizations face in the recent times. From ransomware and malware to trojans and advanced persistent th...

Intrusion Truth

  • No-limits relationship? China’s state hackers scoop up intelligence on Ukraine… and Russia

No-limits relationship? China’s state hackers scoop up intelligence on Ukraine… and Russia intrusiontruth in Russia China Cyber December 24, 2022 December 22, 2022 1,574 Words #2023lifegoals As we near the end of 2022 we wanted to finish with our opinion related to the Chinese hacker paradise. Not the beaches on Hainan island, but the networks of Ukraine and Russia… This is something we have taken an interest in since we Tweeted on 15 March 2022 so wanted to pull together some fantastic work that...

Magnet Forensics at Magnet Forensics

  • Researching FORCEDENTRY: Detecting the Exploit With No Samples

This FORCEDENTRY post is authored by Matt Suiche (Director, Memory, IR & R&D). Earlier this month, I reached out to my friend Valentina and told her I wanted to learn about macOS/iOS exploitation, so she recommended taking a look at the CVE-2021-30860 vulnerability, also known as FORCEDENTRY, and the prior work her friend Jeffrey Hofmann posted on Twitter. One year ago, Google Project Zero published an analysis of the NSO iMessage-based zero-click exploit caught in-the-wild by Citizen Lab and wa...

Jérôme Segura at Malwarebytes Labs

  • Adult popunder campaign used in mainstream ad fraud scheme

Posted: December 20, 2022 by Threat Intelligence Team Taking advantage of cost effective and high traffic adult portals, a threat actor is secretly defrauding advertisers by displaying Google ads under the disguise of an XXX page. This blog post was authored by Jérôme Segura Online advertising is a multi billion dollar industry with projected spending to reach over 600 billion U.S. dollars for 2022. It's not surprising that criminals are trying their hardest to abuse this ecosystem in any way th...

Mehmet Ergene

  • Detecting Azure AD Account Takeover Attacks

Cloud account takeover (ATO) is an attack where attackers gain access to cloud identities by using methods like social engineering, device code phishing, etc. Detecting these attacks can sometimes be difficult. In this blog, I’ll explain how we can develop a generic detection that covers almost any, if not all, methods for Azure AD (Well, the method can be applied to other identity providers, too). The purpose of the blog was specifically about device code phishing attacks, but it turned out that a...

Microsoft Security

  • Microsoft research uncovers new Zerobot capabilities

Microsoft Security Threat Intelligence. Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continues to grow. Recent trends have shown that operators are redeploying malware for a variety of distributions and objectives, modify...

Elli at Misconfig

  • Play with PowerShell & MG – MS Security Graph 101

Nextron Systems

  • Extended ProxyNotShell Detection Covering OWASSRF

Dec 23, 2022 | Aurora, Nextron, THOR, THOR Lite In a report published on the 20th of December CrowdStrike published a report of a new technique exploiting the Microsoft Exchange vulnerability called ProxyNotShell. They called the new technique OWASSRF as it uses Outlook Web Access, CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE). Palo Alto Networks’ Unit42 released their report one day later. Dray Agha's Tweet The security researcher Dray Agha noticed the proof-of-concept ...

Palo Alto Networks

  • Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine

By Unit 42 December 20, 2022 at 3:00 AM Category: Government, Malware Tags: APTs, Cortex XDR, DNS security, Gamaredon, next-generation firewall, Phishing, primitive bear, Russia, Shuckworm, threat prevention, Trident Ursa, UAC-0010, Ukraine, URL filtering, WildFire Executive Summary: Since our last blog in early February covering the advanced persistent threat (APT) group Trident Ursa (aka Gamaredon, UAC-001...

  • Meddler-in-the-Middle Phishing Attacks Explained

By Lucas Hu, Howard Tong, Suiqiang Deng and Alex Starov December 21, 2022 at 6:00 AM Category: Malware Tags: credential theft, Evilginx, MitM, Phishing, Phishing Kit, URL filtering Executive Summary: We’ve probably all received advice for how to avoid phishing, such as to be on the lookout for spelling errors or other mistakes that would alert us to the presence of fraudsters. However, this advice is only help...

Phylum

  • Phylum Discovers New Stealer Variants in Burgeoning PyPI Supply Chain Attack

On December 6, 2022 Phylum’s automated risk detection platform started alerting us to a series of dangerous publications on PyPI. As we started digging into it, we discovered what appears to be the start of a new effort to deploy more stealer software onto Python developers’ machines. Follow along with the Phylum Research Team as we explore what we’ve found so far. Published on Dec 19, 2022 Written by The Phylum Research Team On December 6, 2022 Phylum’s automated risk detection platform s...

Prodaft

  • [FIN7] Fin7 Unveiled: A deep dive into notorious cybercrime gang

December 22, 2022 00:21 The highly active threat group FIN7 has been continuously broadening their cybercrime horizons and recently added ransomware to its attack arsenal. FIN7 group is known to hold a notorious status due to their achievement in deploying extensive backdoors in leveraging software supply chains, distributing malicious USB sticks, and cooperating with other groups. PTI team obtained visibility into the inner workings of the FIN7 threat group and managed to gain information about...

Recorded Future

  • RedDelta Targets European Government Organizations and Continues to Iterate Custom PlugX Variant

Posted: 23rd December 2022 By: Insikt Group® Editor’s Note: This is an excerpt of a full report. To read the entire analysis with endnotes, click here to download the report as a PDF. This report details recent activity conducted by the likely Chinese state-sponsored threat activity group RedDelta. The activity was identified through a combination of large-scale automated network traffic analytics and expert analysis. This report will be of most interest to individuals and organizations with stra...

Red Alert

  • Monthly Threat Actor Group Intelligence Report, October 2022 (ENG)

Monthly Threat Actor Group Intelligence Report, October 2022 (ENG) This report is a summary of Threat Actor group activities analyzed by NSHC ThreatRecon team based on data and information collected from 21 September 2022 to 20 October 2022. In October, activities by a total of 28 Threat Actor Groups were identified, in which activities by SectorA groups were the most prominent by 30%, followed by SectorE and SectorJ groups. Threat Actors identified in October carried out the highest number of a...

Red Canary

  • Atomic Red Team year in review

  • Intelligence Insights: December 2022

SANS Internet Storm Center

  • Infostealer Malware with Double Extension, (Sun, Dec 18th)

Infostealer Malware with Double Extension Published: 2022-12-18 Last Updated: 2022-12-18 17:28:06 UTC by Guy Bruneau (Version: 1) Got this file attachment this week pretending to be from HSBC Global Payments and Cash Management. The attachment payment_copy.pdf.z is a rar archive, kind of unusual with this type of file archive but when extracted, it comes out as a double extension with pdf.exe. The file is a trojan infostealer and detected by multiple scanning engines. Using CyberChe...

  • Hunting for Mastodon Servers, (Mon, Dec 19th)

  • Linux File System Monitoring & Actions, (Tue, Dec 20th)

  • Exchange OWASSRF Exploited for Remote Code Execution, (Thu, Dec 22nd)

  • Can you please tell me what time it is? Adventures with public NTP servers., (Wed, Dec 21st)

  • Google ad traffic leads to stealer packages based on free software, (Thu, Dec 22nd)

  • DShield Sensor Setup in Azure, (Wed, Dec 21st)

Kristen Cotten at Scythe

Threat Emulation: STEEP#MAVERICK by Kristen Cotten November 28, 2022 Executive Summary Researchers at Securonix Threat Labs recently reported a new cyber espionage campaign that is targeting defense contractors in the United States and abroad. What makes this particular campaign standout is the threat actors' attention to operations security and anti-analysis techniques used in the malware. STEEP#MAVERICK seems to have begun in late summer 2022 with attacks targeting multiple military contractin...

Securelist

  • CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

Incidents 19 Dec 2022 Table of Contents: Summary; ProxyNotShell exploitation details; ProxyNotShell post exploitation; Our recommendations; Indicators of compromise. Authors: Vitaly Morgunov, Dmitry Kondratyev, Alexander Kolesnikov, Alexey Kulaev. Summary: At the end of September, GTSC reported an attack on critical infrastructure that took place in August. During the investigation, experts found that two 0-day vulnerabilities in Microsoft Exchange Server were used in the attack. The first one, late...

  • Ransomware and wiper signed with stolen certificates

APT reports 22 Dec 2022 Table of Contents: Introduction; Wiper and ransomware, comparing wave 1 and wave 2; Initial Infection – traces of cooperation between different attack groups and use of AnyDesk utility; The ransomware – use of Kuwait Telecommunications Company signing certificate; The wiper – use of Nvidia signing certificate; Conclusions; Threat detection; Indicators of compromise; File hashes (malicious documents, Trojans, emails, decoys); Signing certificates serial numbers. Authors: GReAT Intr...

Jonathan Reed at Security Intelligence

  • How Reveton Ransomware-as-a-Service Changed Cybersecurity

In 2012, Reveton ransomware emerged. It’s considered to be the first Ransomware-as-a-Service (RaaS) operation ever. Since then, RaaS has enabled gangs with basic technical skills to launch attacks indiscriminately. Now, nearly anyone can create highly effective malware campaigns. We now see RaaS outfits with organizational capabilities that rival the most professional Software-as-a-Service (SaaS) brands. But has RaaS grown too big? The factors that led to the niche’s growth may also lead to its ...

Securonix

  • New STEPPY#KAVACH Attack Campaign Likely Targeting Indian Government: Technical Insights and Detection Using Securonix

Threat Research By Securonix Threat Labs, Threat Research: D.Iuzvyk, T.Peck, O.Kolesnikov Introduction: The Securonix Threat Research team has recently identified a new malicious attack campaign related to a malicious threat actor (MTA) tracked by Securonix as STEPPY#KAVACH targeting victims likely associated with the Indian government. The new malicious campaign from STEPPY#KAVACH we observed over the past few weeks appears to share many common TTPs with the SideCopy/APT36 threat actors th...

SOC Fortress

  • Detecting Abnormal Network Ports With Wazuh

Detect when your endpoints connect to uncommon ports. Intro: With our Wazuh endpoint agents and supporting packages (Sysmon / Packetbeat) — READ MORE HERE — deployed, multiple logs are being ingested into the SIEM stack. We are now able to monitor process creation, files added/modified, user logins, commands executed, and much more! Prior to any of the above mentioned events occurring, a network connection is often involved. Whether that is an endpoint downloading a malicious payload from a command a...

SOCRadar

  • Reports of ProxyNotShell Vulnerabilities Being Actively Exploited (CVE-2022-41040 and CVE-2022-41082)

  • An Analysis of Central Banks Hackings: Who is Next?

  • AWS Elastic IP Transfer Feature Could Be Exploited in Attacks

  • All You Need to Know About the Linux Kernel ksmbd Remote Code Execution (ZDI-22-1690) Vulnerability

Matt Wixey at Sophos

  • The scammers who scam scammers on cybercrime forums: Part 3

A shadowy sub-economy is more than just a curiosity – it’s booming business, and also an opportunity for defenders. In the third part of our series, we look at the curious case of twenty fake marketplaces. Written by Matt Wixey December 21, 2022 Threat Research dread featured genesis marketplaces scams Sophos X-Ops In the first chapter of this series, we provided an overview of the hidden sub-economy of scammers who scam scammers, and in the second we examined the wide variety of scams and trick...

Kayleigh Martin at Sucuri

  • Fake jQuery Domain Redirects Site Visitors to Scam Pages

Alexey Firsh at VirusTotal

  • VT Intelligence Cheat Sheet
