diff --git a/2013/2013.04.21.MiniDuke/miniduke_indicators_public.pdf b/2013/2013.02.27.MiniDuke_Indicators/miniduke_indicators_public.pdf
similarity index 100%
rename from 2013/2013.04.21.MiniDuke/miniduke_indicators_public.pdf
rename to 2013/2013.02.27.MiniDuke_Indicators/miniduke_indicators_public.pdf
diff --git a/2013/themysteryofthepdf0-dayassemblermicrobackdoor.pdf b/2013/2013.02.27.MiniDuke_Mystery/themysteryofthepdf0-dayassemblermicrobackdoor.pdf
similarity index 100%
rename from 2013/themysteryofthepdf0-dayassemblermicrobackdoor.pdf
rename to 2013/2013.02.27.MiniDuke_Mystery/themysteryofthepdf0-dayassemblermicrobackdoor.pdf
diff --git a/2013/15-2013-youonlyclicktwice.pdf b/2013/2013.03.13.FinFisher/15-2013-youonlyclicktwice.pdf
similarity index 100%
rename from 2013/15-2013-youonlyclicktwice.pdf
rename to 2013/2013.03.13.FinFisher/15-2013-youonlyclicktwice.pdf
diff --git a/2013/Safe-a-targeted-threat.pdf b/2013/2013.03.17.Targeted_Threat/Safe-a-targeted-threat.pdf
similarity index 100%
rename from 2013/Safe-a-targeted-threat.pdf
rename to 2013/2013.03.17.Targeted_Threat/Safe-a-targeted-threat.pdf
diff --git a/2013/dissecting-operation-troy.pdf b/2013/2013.03.20.Operation_Troy/dissecting-operation-troy.pdf
similarity index 100%
rename from 2013/dissecting-operation-troy.pdf
rename to 2013/2013.03.20.Operation_Troy/dissecting-operation-troy.pdf
diff --git a/2013/theteamspystory_final_t2.pdf b/2013/2013.03.20.TeamSpy_Crew/theteamspystory_final_t2.pdf
similarity index 100%
rename from 2013/theteamspystory_final_t2.pdf
rename to 2013/2013.03.20.TeamSpy_Crew/theteamspystory_final_t2.pdf
diff --git a/2013/2013.03.21.Darkseoul/FTA 1008 - Darkseoul-Jokra Analysis and Recovery.pdf b/2013/2013.03.21.Darkseoul/FTA 1008 - Darkseoul-Jokra Analysis and Recovery.pdf
new file mode 100644
index 0000000..e3fcc07
Binary files /dev/null and b/2013/2013.03.21.Darkseoul/FTA 1008 - Darkseoul-Jokra Analysis and Recovery.pdf differ
diff --git a/2013/MiniDuke_Paper_Final.pdf b/2013/2013.04.21.MiniDuke/MiniDuke_Paper_Final.pdf
similarity index 100%
rename from 2013/MiniDuke_Paper_Final.pdf
rename to 2013/2013.04.21.MiniDuke/MiniDuke_Paper_Final.pdf
diff --git a/README.md b/README.md
index ff39fa4..ad6cce1 100644
--- a/README.md
+++ b/README.md
@@ -678,13 +678,13 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
 * Apr 01 - [Trojan.APT.BaneChant](http://www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html)
 * Mar 28 - [TR-12 - Analysis of a PlugX malware variant used for targeted attacks](http://www.circl.lu/pub/tr-12/)
 * Mar 27 - [APT1: technical backstage (Terminator/Fakem RAT)](http://www.malware.lu/assets/files/articles/RAP002_APT1_Technical_backstage.1.0.pdf)
-* Mar 21 - [Darkseoul/Jokra Analysis And Recovery](http://www.fidelissecurity.com/sites/default/files/FTA%201008%20-%20Darkseoul-Jokra%20Analysis%20and%20Recovery.pdf)
-* Mar 20 - [The TeamSpy Crew Attacks](http://securelist.com/blog/incidents/35520/the-teamspy-crew-attacks-abusing-teamviewer-for-cyberespionage-8/)
-* Mar 20 - [Dissecting Operation Troy](http://www.mcafee.com/sg/resources/white-papers/wp-dissecting-operation-troy.pdf)
-* Mar 17 - [Safe: A Targeted Threat](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-safe-a-targeted-threat.pdf)
-* Mar 13 - [You Only Click Twice: FinFisher’s Global Proliferation](https://citizenlab.org/wp-content/uploads/2013/07/15-2013-youonlyclicktwice.pdf)
-* Feb 27 - [Miniduke: Indicators v1](http://www.crysys.hu/miniduke/miniduke_indicators_public.pdf)
-* Feb 27 - [The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor](https://www.securelist.com/en/downloads/vlpdfs/themysteryofthepdf0-dayassemblermicrobackdoor.pdf)
+* Mar 21 - [[Fidelis Cybersecurity] Darkseoul/Jokra Analysis And Recovery](http://www.fidelissecurity.com/sites/default/files/FTA%201008%20-%20Darkseoul-Jokra%20Analysis%20and%20Recovery.pdf)
+* Mar 20 - [[Kaspersky] The TeamSpy Crew Attacks](http://securelist.com/blog/incidents/35520/the-teamspy-crew-attacks-abusing-teamviewer-for-cyberespionage-8/) | [Local](../../blob/master/2013/2013.03.20.TeamSpy_Crew)
+* Mar 20 - [[McAfee] Dissecting Operation Troy](http://www.mcafee.com/sg/resources/white-papers/wp-dissecting-operation-troy.pdf) | [Local](../../blob/master/2013/2013.03.20.Operation_Troy)
+* Mar 17 - [[TrendMicro] Safe: A Targeted Threat](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-safe-a-targeted-threat.pdf) | [Local](../../blob/master/2013/2013.03.17.Targeted_Threat)
+* Mar 13 - [[Citizenlab] You Only Click Twice: FinFisher’s Global Proliferation](https://citizenlab.org/wp-content/uploads/2013/07/15-2013-youonlyclicktwice.pdf) | [Local](../../blob/master/2013/2013.03.13.FinFisher)
+* Feb 27 - [[Crysis] Miniduke: Indicators v1](http://www.crysys.hu/miniduke/miniduke_indicators_public.pdf) | [Local](../../blob/master/2013/2013.02.27.MiniDuke_Indicators)
+* Feb 27 - [[Kaspersky] The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor](https://www.securelist.com/en/downloads/vlpdfs/themysteryofthepdf0-dayassemblermicrobackdoor.pdf) | [Local](../../blob/master/2013/2013.02.27.MiniDuke_Mystery)
 * Feb 26 - [[Symantec] Stuxnet 0.5: The Missing Link](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/stuxnet_0_5_the_missing_link.pdf) | [Local](../../blob/master/2013/2013.02.26.Stuxnet_0.5)
 * Feb 22 - [[Symantec] Comment Crew: Indicators of Compromise](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/comment_crew_indicators_of_compromise.pdf) | [Local](../../blob/master/2013/2013.02.22.Comment_Crew)
 * Feb 18 - [[Fireeye] Mandiant APT1 Report](http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf) | [Local](../../blob/master/2013/2013.02.18.APT1)