diff --git a/cybercriminal groups/TA505/04-10-2019/Malware Analysis 04-10-2019.md b/cybercriminal groups/TA505/04-10-2019/Malware Analysis 04-10-2019.md new file mode 100644 index 0000000..d61a8a0 --- /dev/null +++ b/cybercriminal groups/TA505/04-10-2019/Malware Analysis 04-10-2019.md 
@@ -0,0 +1,58 @@ +# Analysis of the new TA505 campaign +## Table of Contents +* [Malware analysis](#Malware-analysis) + + [86ccedaa93743e83787f53e09e376713.docx](#malware1) +* [Cyber Threat Intel](#Cyber-Threat-Intel) + + [Opendir analysis](#opendir) + + [Victimology](#Victimology) +* [Indicators Of Compromise (IOC)](#IOC) +* [References MITRE ATT&CK Matrix](#Ref-MITRE-ATTACK) +* [Links](#Links) + + [Original Tweet](#Original-Tweet) + + [Link Anyrun](#Links-Anyrun) + + [Documents](#Documents) + +## Malware analysis +### 86ccedaa93743e83787f53e09e376713.docx +###### The first sample +![alt text]() + +## Cyber kill chain +###### The process graphs resume all the cyber kill chains used by the attacker. +![alt text]() +## References MITRE ATT&CK Matrix +###### List of all the references with MITRE ATT&CK Matrix + +|Enterprise tactics|Technics used|Ref URL| +| :---------------: |:-------------| :------------- | +||| + +## Indicators Of Compromise (IOC) + +###### List of all the Indicators Of Compromise (IOC) + +| Indicator | Description| +| ------------- |:-------------:| +||| +||Domain requested| +||IP requested| +||HTTP/HTTPS requests| +||Domain C2| +||IP C2| + +###### This can be exported as JSON format [Export in JSON]() + +## Links +###### Original tweet: +* [https://twitter.com/James_inthe_box/status/1179077549302829056](https://twitter.com/James_inthe_box/status/1179077549302829056) +* [https://twitter.com/KorbenD_Intel/status/1179858006584037377](https://twitter.com/KorbenD_Intel/status/1179858006584037377) +* [https://twitter.com/58_158_177_102/status/1177498806016823296](https://twitter.com/58_158_177_102/status/1177498806016823296) +* [https://twitter.com/James_inthe_box/status/1174729932045316096](https://twitter.com/James_inthe_box/status/1174729932045316096) +###### Links Anyrun: +###### Samples : +* [Letter 7711.xls](https://app.any.run/tasks/d3699368-76cb-4c9f-b5c5-c4e25eb2e318) +* [REP 
7072.xls](https://app.any.run/tasks/ae70ad41-d5d7-4dca-98d2-b72bfbae45fa) +* [r55.exe](https://app.any.run/tasks/f054811a-d89c-41e5-ae60-c6d1b2ed75a8) + +###### Documents: +* []()
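Review bot: the added Markdown file is a skeleton with unfilled placeholders rather than a finished analysis, so it should be completed or clearly marked as a draft before merge: both `![alt text]()` image references have empty URLs, the MITRE table body is a single empty row `|||`, every IOC row has an empty indicator cell (`||Domain C2|`, `||IP C2|`), and the `[Export in JSON]()` link and the `* []()` entry under Documents have no target. The table of contents also does not match the headings that follow it: the anchors `#malware1`, `#IOC` and `#Ref-MITRE-ATTACK` do not correspond to the text of any heading in the file (the headings read `### 86ccedaa93743e83787f53e09e376713.docx`, `## Indicators Of Compromise (IOC)` and `## References MITRE ATT&CK Matrix`), the TOC lists `Cyber Threat Intel`, `Opendir analysis` and `Victimology` sections that do not exist in the file, and the `## Cyber kill chain` section that does exist is absent from the TOC. Minor points: "Technics used" in the MITRE table header should read "Techniques used", and using `######` (H6) for caption-style sentences such as "The first sample" and "This can be exported as JSON format" produces stray headings in the rendered outline; plain paragraphs would be clearer.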