diff --git a/README.md b/README.md
index e608cca..a3077fd 100644
--- a/README.md
+++ b/README.md
@@ -49,6 +49,7 @@ The following taxonomies are described:
 - [NATO Classification Marking](./nato)
 - [Open Threat Taxonomy v1.1 (SANS)](./open_threat)
 - [OSINT Open Source Intelligence - Classification](./osint)
+- [Pandemic](./pandemic) - Pandemic events
 - [Ransomware](./ransomware)
 - [runtime-packer](./runtime-packer) - Runtime or software packer used to combine compressed data with the decompression code. The decompression code can add additional obfuscations mechanisms including polymorphic-packer or other o
 bfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries.
diff --git a/pandemic/machinetag.json b/pandemic/machinetag.json
new file mode 100644
index 0000000..35125a6
--- /dev/null
+++ b/pandemic/machinetag.json
@@ -0,0 +1,26 @@
+{
+  "namespace": "pandemic",
+  "description": "Pandemic",
+  "version": 1,
+  "predicates": [
+    {
+      "value": "covid-19",
+      "expanded": "COVID-19"
+    }
+  ],
+  "values": [
+    {
+      "predicate": "covid-19",
+      "entry": [
+        {
+          "value": "health",
+          "expanded": "Health"
+        },
+        {
+          "value": "cyber",
+          "expanded": "Cyber"
+        }
+      ]
+    }
+  ]
+}