diff --git a/2013/RAP002_APT1_Technical_backstage.1.0.pdf b/2013/2013.03.27.APT1_technical_backstage/RAP002_APT1_Technical_backstage.1.0.pdf
similarity index 100%
rename from 2013/RAP002_APT1_Technical_backstage.1.0.pdf
rename to 2013/2013.03.27.APT1_technical_backstage/RAP002_APT1_Technical_backstage.1.0.pdf
diff --git a/2013/tr-12-circl-plugx-analysis-v1.pdf b/2013/2013.03.28.TR-12_PlugX_malware/tr-12-circl-plugx-analysis-v1.pdf
similarity index 100%
rename from 2013/tr-12-circl-plugx-analysis-v1.pdf
rename to 2013/2013.03.28.TR-12_PlugX_malware/tr-12-circl-plugx-analysis-v1.pdf
diff --git a/2013/Trojan.APT.BaneChant.pdf b/2013/2013.04.01.APT_BaneChant/Trojan.APT.BaneChant.pdf
similarity index 100%
rename from 2013/Trojan.APT.BaneChant.pdf
rename to 2013/2013.04.01.APT_BaneChant/Trojan.APT.BaneChant.pdf
diff --git a/2013/NormanShark-MaudiOperation.pdf b/2013/2013.06.00.Maudi_Surveillance_Operation/NormanShark-MaudiOperation.pdf
similarity index 100%
rename from 2013/NormanShark-MaudiOperation.pdf
rename to 2013/2013.06.00.Maudi_Surveillance_Operation/NormanShark-MaudiOperation.pdf
diff --git a/2013/RAP002_APT1_Technical_backstage.1.0.pdf.1 b/2013/RAP002_APT1_Technical_backstage.1.0.pdf.1
deleted file mode 100644
index d321225..0000000
Binary files a/2013/RAP002_APT1_Technical_backstage.1.0.pdf.1 and /dev/null differ
diff --git a/README.md b/README.md
index 8d60c32..1a796e5 100644
--- a/README.md
+++ b/README.md
@@ -848,15 +848,15 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
 * Jun 07 - [KeyBoy, Targeted Attacks against Vietnam and India](https://community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india)
 * Jun 04 - [The NetTraveller (aka 'Travnet')](http://www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf)
 * Jun 01 - [Crude Faux: An analysis of cyber conflict within the oil & gas industries](https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2013-9.pdf)
-* Jun ?? - [The Chinese Malware Complexes: The Maudi Surveillance Operation](https://bluecoat.com/documents/download/2c832f0f-45d2-4145-bdb7-70fc78c22b0f&ei=ZGP-VMCbMsuxggSThYDgDg&usg=AFQjCNFjXSkn_AIiXge1X9oWZHzQOiNDJw&sig2=B6e2is0sCnGEbLPL9q0eZg&bvm=bv.87611401,d.eXY)
+* Jun ?? - [[BlueCoat] The Chinese Malware Complexes: The Maudi Surveillance Operation](https://bluecoat.com/documents/download/2c832f0f-45d2-4145-bdb7-70fc78c22b0f&ei=ZGP-VMCbMsuxggSThYDgDg&usg=AFQjCNFjXSkn_AIiXge1X9oWZHzQOiNDJw&sig2=B6e2is0sCnGEbLPL9q0eZg&bvm=bv.87611401,d.eXY) | [:closed_book:](../../blob/master/2013/2013.06.00.Maudi_Surveillance_Operation)
 * May 30 - [[CIRCL] TR-14 - Analysis of a stage 3 Miniduke malware sample](http://www.circl.lu/pub/tr-14/) | [:closed_book:](../../blob/master/2013/2013.05.20.Miniduke.Analysis)
 * May 20 - [[Norman] OPERATION HANGOVER: Unveiling an Indian Cyberattack Infrastructure](http://www.thecre.com/fnews/wp-content/uploads/2013/05/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf) | [:closed_book:](../../blob/master/2013/2013.05.20.Operation_Hangover)
 * May 16 - [[ESET] Targeted information stealing attacks in South Asia use email, signed binaries](https://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/) | [:closed_book:](../../blob/master/2013/2013.05.16.targeted-threat-pakistan-india)
 * Apr 21 - [[Bitdefender] MiniDuke - The Final Cut](http://labs.bitdefender.com/2013/04/miniduke-the-final-cut) | [:closed_book:](../../blob/master/2013/2013.04.21.MiniDuke)
 * Apr 13 - [[Kaspersky] "Winnti" More than just a game](http://www.securelist.com/en/downloads/vlpdfs/winnti-more-than-just-a-game-130410.pdf) | [:closed_book:](../../blob/master/2013/2013.04.13.Winnti) 
-* Apr 01 - [Trojan.APT.BaneChant](http://www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html)
-* Mar 28 - [TR-12 - Analysis of a PlugX malware variant used for targeted attacks](http://www.circl.lu/pub/tr-12/)
-* Mar 27 - [APT1: technical backstage (Terminator/Fakem RAT)](http://www.malware.lu/assets/files/articles/RAP002_APT1_Technical_backstage.1.0.pdf)
+* Apr 01 - [[Fireeye] Trojan.APT.BaneChant](http://www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html) | [:closed_book:](../../blob/master/2013/2013.04.01.APT_BaneChant)
+* Mar 28 - [[Circl] TR-12 - Analysis of a PlugX malware variant used for targeted attacks](http://www.circl.lu/pub/tr-12/) | [:closed_book:](../../blob/master/2013/2013.03.28.TR-12_PlugX_malware)
+* Mar 27 - [[malware.lu] APT1: technical backstage (Terminator/Fakem RAT)](http://www.malware.lu/assets/files/articles/RAP002_APT1_Technical_backstage.1.0.pdf) | [:closed_book:](../../blob/master/2013/2013.03.27.APT1_technical_backstage)
 * Mar 21 - [[Fidelis] Darkseoul/Jokra Analysis And Recovery](https://old.fidelissecurity.com/sites/default/files/FTA%201008%20-%20Darkseoul-Jokra%20Analysis%20and%20Recovery.pdf) | [:closed_book:](../../blob/master/2013/2013.03.21.Darkseoul)
 * Mar 20 - [[Kaspersky] The TeamSpy Crew Attacks](http://securelist.com/blog/incidents/35520/the-teamspy-crew-attacks-abusing-teamviewer-for-cyberespionage-8/) | [:closed_book:](../../blob/master/2013/2013.03.20.TeamSpy_Crew)
 * Mar 20 - [[McAfee] Dissecting Operation Troy](http://www.mcafee.com/sg/resources/white-papers/wp-dissecting-operation-troy.pdf) | [:closed_book:](../../blob/master/2013/2013.03.20.Operation_Troy)