diff --git a/2017/2017.09.28.Belarus_CMSTAR_Trojan/Threat Actors Target Government of Belarus Using CMSTAR Trojan.pdf b/2017/2017.09.28.Belarus_CMSTAR_Trojan/Threat Actors Target Government of Belarus Using CMSTAR Trojan.pdf
new file mode 100644
index 0000000..f01b08b
Binary files /dev/null and b/2017/2017.09.28.Belarus_CMSTAR_Trojan/Threat Actors Target Government of Belarus Using CMSTAR Trojan.pdf differ
diff --git a/2017/2017.10.02.Aurora_Operation_CCleaner_II/Aurora_Operation_CCleaner_II.pdf b/2017/2017.10.02.Aurora_Operation_CCleaner_II/Aurora_Operation_CCleaner_II.pdf
new file mode 100644
index 0000000..e5003f7
Binary files /dev/null and b/2017/2017.10.02.Aurora_Operation_CCleaner_II/Aurora_Operation_CCleaner_II.pdf differ
diff --git a/README.md b/README.md
index e487c17..809bc2a 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,9 @@ Please fire issue to me if any lost of APT/Malware events/campaigns.
 ## 2017
 * Oct 16 - [[BAE Systems] Taiwan Heist: Lazarus Tools And Ransomware](https://baesystemsai.blogspot.kr/2017/10/taiwan-heist-lazarus-tools.html) | [Local](../../blob/master/2017/2017.10.16.BlackOasis_APT)  
 * Oct 16 - [[Kaspersky] BlackOasis APT and new targeted attacks leveraging zero-day exploit](https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/) | [Local](../../blob/master/2017/2017.10.16.Taiwan-Heist) 
-* Sep 20 - [[intezer] Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner](http://www.intezer.com/evidence-aurora-operation-still-active-supply-chain-attack-through-ccleaner/)  | [Local](../../blob/master/2017/2017.09.20.Aurora_Operation_CCleaner) 
+* Oct 02 - [[intezer] Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers]() | [Local](../../blob/master/2017/2017.10.02.Aurora_Operation_CCleaner_II) 
+* Sep 28 - [[Palo Alto Networks] Threat Actors Target Government of Belarus Using CMSTAR Trojan](https://researchcenter.paloaltonetworks.com/2017/09/unit42-threat-actors-target-government-belarus-using-cmstar-trojan/) | [Local](../../blob/master/2017/2017.09.28.Belarus_CMSTAR_Trojan) 
+* Sep 20 - [[intezer] Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner](http://www.intezer.com/evidence-aurora-operation-still-active-supply-chain-attack-through-ccleaner/) | [Local](../../blob/master/2017/2017.09.20.Aurora_Operation_CCleaner) 
 * Sep 20 - [Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware](https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html) | [Local](../../blob/master/2017/2017.09.20.apt33-insights-into-iranian-cyber-espionage) 
 * Sep 06 - [Dragonfly: Western energy sector targeted by sophisticated attack group](https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group) | [Local](../../blob/master/2017/2017.09.06.dragonfly-western-energy-sector-targeted-sophisticated-attack-group)   
 * Sep 06 - [Intelligence Games in the Power Grid](https://treadstone71llc.files.wordpress.com/2017/09/intelligence-games-in-the-power-grid-2016.pdf) | [Local](../../blob/master/2017/2017.09.06.intelligence-games-in-the-power-grid-2016)