diff --git a/2019/2019.09.30_HELO_Winnti/HELO Winnti_ Attack or Scan.pdf b/2019/2019.09.30_HELO_Winnti/HELO Winnti_ Attack or Scan.pdf
new file mode 100644
index 0000000..8c434a2
Binary files /dev/null and b/2019/2019.09.30_HELO_Winnti/HELO Winnti_ Attack or Scan.pdf differ
diff --git a/README.md b/README.md
index 2c72ec5..1fae9cc 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,7 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
 :small_blue_diamond: [Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups](https://github.com/StrangerealIntel/CyberThreatIntel) <br>
 
 ## 2019
+* Sep 30 - [[Lastline] HELO Winnti: Attack or Scan?](https://www.lastline.com/labsblog/helo-winnti-attack-scan/) | [:closed_book:](../../blob/master/2019/2019.09.30_HELO_Winnti)
 * Sep 15 - [[Clearsky] The Kittens Are Back in Town Charming Kitten Campaign Against Academic
 Researchers](https://www.clearskysec.com/wp-content/uploads/2019/09/The-Kittens-Are-Back-in-Town-Charming-Kitten-2019.pdf) | [:closed_book:](../../blob/master/2019/2019.09.15_Kittens_back)
 * Sep 11 - [[MeltX0R Security] RANCOR APT: Suspected targeted attacks against South East Asia](https://meltx0r.github.io/tech/2019/09/11/rancor-apt.html) | [:closed_book:](../../blob/master/2019/2019.09.11.RANCOR_APT)