diff --git a/2018/2018.04.27.OceanLotus_new_malware/CN_OceanLotus_new_malware.pdf b/2018/2018.04.27.OceanLotus_new_malware/CN_OceanLotus_new_malware.pdf
new file mode 100644
index 0000000..64a30bb
Binary files /dev/null and b/2018/2018.04.27.OceanLotus_new_malware/CN_OceanLotus_new_malware.pdf differ
diff --git a/2018/2018.04.27.OceanLotus_new_malware/samples/9c37215fb07f2f6b42b054e91b4be5cfa3b3921c886049995ba10299f1eebca4.zip b/2018/2018.04.27.OceanLotus_new_malware/samples/9c37215fb07f2f6b42b054e91b4be5cfa3b3921c886049995ba10299f1eebca4.zip
new file mode 100644
index 0000000..db79139
Binary files /dev/null and b/2018/2018.04.27.OceanLotus_new_malware/samples/9c37215fb07f2f6b42b054e91b4be5cfa3b3921c886049995ba10299f1eebca4.zip differ
diff --git a/2018/2018.04.27.OceanLotus_new_malware/samples/e5c766ad580b5bc5f74acc8d2f5dd028c11495d2ce503de7c7a294f94583849d.zip b/2018/2018.04.27.OceanLotus_new_malware/samples/e5c766ad580b5bc5f74acc8d2f5dd028c11495d2ce503de7c7a294f94583849d.zip
new file mode 100644
index 0000000..72b2ac5
Binary files /dev/null and b/2018/2018.04.27.OceanLotus_new_malware/samples/e5c766ad580b5bc5f74acc8d2f5dd028c11495d2ce503de7c7a294f94583849d.zip differ
diff --git a/README.md b/README.md
index d2a5250..96459e0 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
 
 
 ## 2018
+* Apr 27 - [[Tencent] (CN) OceanLotus new malware analysis](https://s.tencent.com/research/report/471.html) | [Local](../../blob/master/2018/2018.04.27.OceanLotus_new_malware) 
 * Apr 26 - [[CISCO] GravityRAT - The Two-Year Evolution Of An APT Targeting India](https://blog.talosintelligence.com/2018/04/gravityrat-two-year-evolution-of-apt.html) | [Local](../../blob/master/2018/2018.04.26.GravityRAT) 
 * Apr 24 - [[FireEye] Metamorfo Campaigns Targeting Brazilian Users](https://www.fireeye.com/blog/threat-research/2018/04/metamorfo-campaign-targeting-brazilian-users.html) | [Local](../../blob/master/2018/2018.04.24.metamorfo-campaign) 
 * Apr 24 - [[McAfee] Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide](https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/) | [Local](../../blob/master/2018/2018.04.24.Operation_GhostSecret) 
@@ -92,7 +93,7 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
 * Nov 07 - [[McAfee] Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack](https://securingtomorrow.mcafee.com/mcafee-labs/apt28-threat-group-adopts-dde-technique-nyc-attack-theme-in-latest-campaign/#sf151634298) | [Local](../../blob/master/2017/2017.11.07.APT28_Slips_Office_Malware)
 * Nov 07 - [[Symantec] Sowbug: Cyber espionage group targets South American and Southeast Asian governments](https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments) | [Local](../../blob/master/2017/2017.11.07.sowbug-cyber-espionage-group-targets)
 * Nov 06 - [[Trend Micro] ChessMaster’s New Strategy: Evolving Tools and Tactics](http://blog.trendmicro.com/trendlabs-security-intelligence/chessmasters-new-strategy-evolving-tools-tactics/) | [Local](../../blob/master/2017/2017.11.06.ChessMaster_New_Strategy)   
-* Nov 06 - [[Volexity] OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society](https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/) | [Local](../../blob/master/2017/2017.11.06.oceanlotus-blossomsk)  
+* Nov 06 - [[Volexity] OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society](https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/) | [Local](../../blob/master/2017/2017.11.06.oceanlotus-blossomsk)
 * Nov 02 - [[PwC] The KeyBoys are back in town](http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html) | [Local](../../blob/master/2017/2017.11.02.KeyBoys_are_back)   
 * Nov 02 - [[Clearsky] LeetMX – a Yearlong Cyber-Attack Campaign Against Targets in Latin America](http://www.clearskysec.com/leetmx/) | [Local](../../blob/master/2017/2017.11.02.LeetMX)  
 * Nov 02 - [[RISKIQ] New Insights into Energetic Bear’s Watering Hole Attacks on Turkish Critical Infrastructure](https://www.riskiq.com/blog/labs/energetic-bear/) | [Local](../../blob/master/2017/2017.11.02.Energetic_Bear_on_Turkish_Critical_Infrastructure)