diff --git a/2021/2021.01.11.SUNSPOT/SUNSPOT Malware A Technical Analysis.pdf b/2021/2021.01.11.SUNSPOT/SUNSPOT Malware A Technical Analysis.pdf new file mode 100644 index 0000000..248c796 Binary files /dev/null and b/2021/2021.01.11.SUNSPOT/SUNSPOT Malware A Technical Analysis.pdf differ diff --git a/2021/2021.01.11.xHunt_Campaign/xHunt Campaign_ New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement.pdf b/2021/2021.01.11.xHunt_Campaign/xHunt Campaign_ New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement.pdf new file mode 100644 index 0000000..72f7ee6 Binary files /dev/null and b/2021/2021.01.11.xHunt_Campaign/xHunt Campaign_ New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement.pdf differ diff --git a/2021/2021.02.01.ElephantRAT/VinCSS Blog_ [RE020] ElephantRAT (Kunming version)_ our latest discovered RAT of Panda and the similarities with recently Smanager RAT.pdf b/2021/2021.02.01.ElephantRAT/VinCSS Blog_ [RE020] ElephantRAT (Kunming version)_ our latest discovered RAT of Panda and the similarities with recently Smanager RAT.pdf new file mode 100644 index 0000000..f37b920 Binary files /dev/null and b/2021/2021.02.01.ElephantRAT/VinCSS Blog_ [RE020] ElephantRAT (Kunming version)_ our latest discovered RAT of Panda and the similarities with recently Smanager RAT.pdf differ diff --git a/2021/2021.02.10.Confucius_India-Pakistan/Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict.pdf b/2021/2021.02.10.Confucius_India-Pakistan/Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict.pdf new file mode 100644 index 0000000..7f725ea Binary files /dev/null and b/2021/2021.02.10.Confucius_India-Pakistan/Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict.pdf differ 
diff --git a/2021/2021.02.17.Confucius_Pakistani_South_Asian/Confucius APT Android Spyware Targets Pakistani and Other South Asian Regions — Cyble.pdf b/2021/2021.02.17.Confucius_Pakistani_South_Asian/Confucius APT Android Spyware Targets Pakistani and Other South Asian Regions — Cyble.pdf new file mode 100644 index 0000000..685de8a Binary files /dev/null and b/2021/2021.02.17.Confucius_Pakistani_South_Asian/Confucius APT Android Spyware Targets Pakistani and Other South Asian Regions — Cyble.pdf differ diff --git a/README.md b/README.md index dda3662..e1f2a86 100644 --- a/README.md +++ b/README.md 
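Review bot: the five PDFs added under 2021/ (SUNSPOT, xHunt, ElephantRAT and the two Confucius reports) arrive with no matching README.md entries anywhere in this diff; the README hunks that follow only repair four old 2017/2018 links. If the index is meant to track the archive, add a `* <Mon DD> - [[vendor] title](url) | [:closed_book:](../../blob/master/2021/<dir>)` line for each new directory, or say in the commit message that the index update lands separately. The directory names follow the existing `YYYY.MM.DD.Short_Name` convention, but the PDF file names carry spaces, brackets and an em dash (`[RE020]`, `— Cyble.pdf`), which will need quoting in any script that walks the tree; a plainer file name per report would avoid that.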
@@ -651,7 +651,7 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro * Jun 23 - [[Ahnlab] Full Discloser of Andariel,A Subgroup of Lazarus Threat Group](https://global.ahnlab.com/global/upload/download/techreport/[AhnLab]Andariel_a_Subgroup_of_Lazarus%20(3).pdf) | [:closed_book:](../../blob/master/2018/2018.06.23.Andariel_Group) * Jun 22 - [[Palo Alto networks] Tick Group Weaponized Secure USB Drives to Target Air-Gapped Critical Systems](https://unit42.paloaltonetworks.com/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/) | [:closed_book:](../../blob/master/2018/2018.06.22.Iick.Group-weaponized-secure-usb) * Jun 20 - [[Symantec] Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies](https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets) | [:closed_book:](../../blob/master/2018/2018.06.20.thrip-hits-satellite-telecoms-defense-targets) -* Jun 19 - [[Kaspersky] Olympic Destroyer is still alive](https://securelist.com/olympic-destroyer-is-still-alive/86169/) | [:closed_book:](../../blob/master/2018/2017.06.19.olympic-destroyer-is-still-alive) +* Jun 19 - [[Kaspersky] Olympic Destroyer is still alive](https://securelist.com/olympic-destroyer-is-still-alive/86169/) | [:closed_book:](../../blob/master/2018/2018.06.19.olympic-destroyer-is-still-alive) * Jun 14 - [[Trend Micro] Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor](https://blog.trendmicro.com/trendlabs-security-intelligence/another-potential-muddywater-campaign-uses-powershell-based-prb-backdoor/) | [:closed_book:](../../blob/master/2018/2018.06.14.another-potential-muddywater-campaign) * Jun 14 - [[intezer] MirageFox: APT15 Resurfaces With New Tools Based On Old Ones](https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/) | [:closed_book:](../../blob/master/2018/2018.06.14.MirageFox_APT15) * Jun 13 - [[Kaspersky] LuckyMouse hits 
national data center to organize country-level waterholing campaign](https://securelist.com/luckymouse-hits-national-data-center/86083/) | [:closed_book:](../../blob/master/2018/2018.06.13.LuckyMouse) 
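Review bot: the path fix for the Jun 19 Olympic Destroyer entry (`2018/2017.06.19...` to `2018/2018.06.19...`) is correct, but the unchanged Jun 22 context line above it links to `2018.06.22.Iick.Group-weaponized-secure-usb`, where `Iick` reads like a typo for `Tick` (the vendor title says "Tick Group"). Check whether the directory on disk really carries that name and, if not, correct it in the same pass so the hunk does not leave a broken neighbour behind.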
@@ -681,7 +681,7 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro * Apr 23 - [[Accenture] HOGFISH REDLEAVES CAMPAIGN](https://www.accenture.com/t20180423T055005Z__w__/us-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf) | [:closed_book:](../../blob/master/2018/2018.04.23.HOGFISH_REDLEAVES_CAMPAIGN) * Apr 23 - [[Symantec] New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia](https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia) | [:closed_book:](../../blob/master/2018/2018.04.23.New_Orangeworm) * Apr 23 - [[Kaspersky] Energetic Bear/Crouching Yeti: attacks on servers](https://securelist.com/energetic-bear-crouching-yeti/85345/) | [:closed_book:](../../blob/master/2018/2018.04.23.energetic-bear-crouching-yeti) -* Apr 17 - [[NCCGroup] Decoding network data from a Gh0st RAT variant](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant) | [:closed_book:](../../blob/master/2018.04.17.Iron_Tiger_Gh0st_RAT_variant) +* Apr 17 - [[NCCGroup] Decoding network data from a Gh0st RAT variant](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant) | [:closed_book:](../../blob/master/2018/2018.04.17.Iron_Tiger_Gh0st_RAT_variant) * Apr 12 - [[Kaspersky] Operation Parliament, who is doing what?](https://securelist.com/operation-parliament-who-is-doing-what/85237/) | [:closed_book:](../../blob/master/2018/2018.04.12.operation-parliament) * Apr 04 - [[Trend Micro] New MacOS Backdoor Linked to OceanLotus Found](https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found/) | [:closed_book:](../../blob/master/2018/2018.04.04.MacOS_Backdoor_OceanLotus) * Mar 29 - [[Trend Micro] ChessMaster Adds Updated Tools to Its 
Arsenal](https://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-adds-updated-tools-to-its-arsenal/) | [:closed_book:](../../blob/master/2018/2018.03.29.ChessMaster_Adds_Updated_Tools) 
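Review bot: the Apr 17 Gh0st RAT entry was missing the `2018/` year directory, and the new target now matches the `../../blob/master/<year>/<year.mm.dd.name>` shape used by every other line in this hunk. Since three of the four README hunks in this patch fix the same class of relative-link drift, a simple link check that resolves each `:closed_book:` target against the repository tree, run before merge, would catch these without a manual sweep.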
@@ -753,7 +753,7 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro * Nov 07 - [[McAfee] Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack](https://securingtomorrow.mcafee.com/mcafee-labs/apt28-threat-group-adopts-dde-technique-nyc-attack-theme-in-latest-campaign/#sf151634298) | [:closed_book:](../../blob/master/2017/2017.11.07.APT28_Slips_Office_Malware) * Nov 07 - [[Symantec] Sowbug: Cyber espionage group targets South American and Southeast Asian governments](https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments) | [:closed_book:](../../blob/master/2017/2017.11.07.sowbug-cyber-espionage-group-targets) * Nov 06 - [[Trend Micro] ChessMaster’s New Strategy: Evolving Tools and Tactics](http://blog.trendmicro.com/trendlabs-security-intelligence/chessmasters-new-strategy-evolving-tools-tactics/) | [:closed_book:](../../blob/master/2017/2017.11.06.ChessMaster_New_Strategy) -* Nov 06 - [[Volexity] OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society](https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/) | [:closed_book:](../../blob/master/2017/2017.11.06.oceanlotus-blossomsk) +* Nov 06 - [[Volexity] OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society](https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/) | [:closed_book:](../../blob/master/2017/2017.11.06.oceanlotus-blossoms) * Nov 02 - [[Palo Alto Networks] Recent InPage Exploits Lead to Multiple Malware 
Families](https://unit42.paloaltonetworks.com/unit42-recent-inpage-exploits-lead-multiple-malware-families/) | [:closed_book:](../../blob/master/2017/2017.11.02.InPage_Exploits) * Nov 02 - [[PwC] The KeyBoys are back in town](http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html) | [:closed_book:](../../blob/master/2017/2017.11.02.KeyBoys_are_back) * Nov 02 - [[Clearsky] LeetMX – a Yearlong Cyber-Attack Campaign Against Targets in Latin America](http://www.clearskysec.com/leetmx/) | [:closed_book:](../../blob/master/2017/2017.11.02.LeetMX) 
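Review bot: the Nov 06 Volexity OceanLotus entry drops a stray trailing `k` from `oceanlotus-blossomsk`, and the corrected slug keeps the `2017.11.06` prefix shared with the neighbouring ChessMaster entry. Nothing else changes in the hunk; worth confirming the directory exists under exactly that spelling, because a one-character slug mismatch is the same failure mode this line is fixing.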
@@ -814,7 +814,7 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro * May 24 - [[Cybereason] OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP](https://www.cybereason.com/blog/operation-cobalt-kitty-apt) | [:closed_book:](../../blob/master/2017/2017.05.24.OPERATION_COBALT_KITTY) * May 14 - [[FireEye] Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations](https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html) | [:closed_book:](../../blob/master/2017/2017.05.14.cyber-espionage-apt32) * May 03 - [[Palo Alto Networks] Kazuar: Multiplatform Espionage Backdoor with API Access](http://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-acces) | [:closed_book:](../../blob/master/2017/2017.05.03.kazuar-multiplatform-espionage-backdoor-api-access) -* May 03 - [[CISCO] KONNI: A Malware Under The Radar For Years](http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html) | [:closed_book:](../../blob/master/2017/konni-malware-under-radar-for-years) +* May 03 - [[CISCO] KONNI: A Malware Under The Radar For Years](http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html) | [:closed_book:](../../blob/master/2017/2017.05.03.konni-malware-under-radar-for-years) * Apr 27 - [[Morphisec] Iranian Fileless Attack Infiltrates Israeli Organizations](http://blog.morphisec.com/iranian-fileless-cyberattack-on-israel-word-vulnerability) | [:closed_book:](../../blob/master/2017/2017.04.27.iranian-fileless-cyberattack-on-israel-word-vulnerability) * Apr 13 - [[F-SECURE] Callisto Group](https://www.f-secure.com/documents/996508/1030745/callisto-group) | [:closed_book:](../../blob/master/2017/2017.04.13.callisto-group) * Apr 11 - [[Kaspersky] Unraveling the Lamberts Toolkit](https://securelist.com/unraveling-the-lamberts-toolkit/77990/) | 
[:closed_book:](../../blob/master/2017/2017.04.11.Lamberts_Toolkit)
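Review bot: the May 03 KONNI entry gains the `2017.05.03.` date prefix that the other entries in the hunk already carry, so the fix is consistent with its neighbours. A small style point for the whole README rather than this hunk alone: every `:closed_book:` target here points at a directory through `../../blob/master/...`, which GitHub serves only by redirecting to the `tree/` form; switching directory targets to `../../tree/master/...` would make them resolve directly and make a link checker's job unambiguous.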