diff --git a/2020/2_5379689306971442171.pdf b/2020/2_5379689306971442171.pdf
new file mode 100644
index 0000000..25ff23c
Binary files /dev/null and b/2020/2_5379689306971442171.pdf differ
diff --git a/2020/2_5384086756482091354.pdf b/2020/2_5384086756482091354.pdf
new file mode 100644
index 0000000..605b6f6
Binary files /dev/null and b/2020/2_5384086756482091354.pdf differ
diff --git a/2020/2_5386338556295777171.pdf b/2020/2_5386338556295777171.pdf
new file mode 100644
index 0000000..95af6e5
Binary files /dev/null and b/2020/2_5386338556295777171.pdf differ
diff --git a/2020/2_5393201853905242226.pdf b/2020/2_5393201853905242226.pdf
new file mode 100644
index 0000000..da23f0f
Binary files /dev/null and b/2020/2_5393201853905242226.pdf differ
diff --git a/README.md b/README.md
index b035aa5..1448247 100755
--- a/README.md
+++ b/README.md
@@ -86,6 +86,10 @@ Depending on what you are looking for, you may also find this [page](Others.md)
 | [Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions](2020/Bitdefender-Whitepaper-Chinese-APT.pdf) | Nov | BitDefender |
 | [TRICKBOT Now Offers 'TRICKBOOT': PERSIST, BRICK, PROFIT](2020/2_5375456543686789007.pdf) | Dec | Eclypsium |
 | [MOLERATS in the Cloud: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign](2020/2_5370723725949798602.pdf) | Dec | Cybereason |
+| [Adversary Tracking Report When a false flag doesn't work: Exploring the digital-crime underground at campaign preparation stage](2020/2_5379689306971442171.pdf) | Dec | Telsy |
+| [EyeD4kRAT/ShirBiter Overview](2020/2_5384086756482091354.pdf) | Dec | Nyotron |
+| [Egregor Ransomware: The Legacy of Maze Lives on](2020/2_5386338556295777171.pdf) Dec | Group IB |
+| [Finding APTX: Attributing attacks via MITRE TTPs](2020/2_5393201853905242226.pdf) | Dec | Trend Micro |
 
 ### 2019