diff --git a/Additional Analysis/New_tendencies.md b/Additional Analysis/New_tendencies.md
new file mode 100644
index 0000000..aec4c5a
--- /dev/null
+++ b/Additional Analysis/New_tendencies.md	
@@ -0,0 +1,36 @@
+# New tendencies in ransomware threat
+## Table of Contents
+* [Malware analysis](#Malware-analysis)
+* [Cyber Threat Intel](#Cyber-Threat-Intel)
+* [Cyber kill chain](#Cyber-kill-chain)
+* [Indicators Of Compromise (IOC)](#IOC)
+* [References MITRE ATT&CK Matrix](#Ref-MITRE-ATTACK)
+* [Links](#Links)
+  + [Original Tweet](#Original-Tweet)
+  + [Link Anyrun](#Links-Anyrun)
+
+## Malware analysis <a name="Malware-analysis"></a>
+
+## Cyber kill chain <a name="Cyber-kill-chain"></a>
+###### The process graphs resume all the cyber kill chains used by the attacker. 
+![alt text]()
+## References MITRE ATT&CK Matrix <a name="Ref-MITRE-ATTACK"></a>
+###### List of all the references with MITRE ATT&CK Matrix
+
+|Enterprise tactics|Technics used|Ref URL|
+| :---------------: |:-------------| :------------- |
+|||
+
+## Indicators Of Compromise (IOC) <a name="IOC"></a>
+###### List of all the Indicators Of Compromise (IOC)
+|Indicator|Description|
+| ------------- |:-------------:|
+||
+
+###### This can be exported as JSON format [Export in JSON]()	
+
+## Links <a name="Links"></a>
+###### Original tweet: 
+* [https://twitter.com/Rmy_Reserve/status/1181194017402322944](https://twitter.com/Rmy_Reserve/status/1181194017402322944) <a name="Original-Tweet"></a>
+###### Links Anyrun: <a name="Links-Anyrun"></a>
+* [Panduan_Kemaskini.doc](https://app.any.run/tasks/9bffa01e-34c2-4816-889b-a91f4fac77d3/)