diff --git a/2013/NS-Unveiling-an-Indian-Cyberattack-Infrastructure_FINAL_Web.pdf b/2013/2013.05.20.Operation_Hangover/NS-Unveiling-an-Indian-Cyberattack-Infrastructure_FINAL_Web.pdf
similarity index 100%
rename from 2013/NS-Unveiling-an-Indian-Cyberattack-Infrastructure_FINAL_Web.pdf
rename to 2013/2013.05.20.Operation_Hangover/NS-Unveiling-an-Indian-Cyberattack-Infrastructure_FINAL_Web.pdf
diff --git a/2013/Norman_HangOver report_Executive Summary_042513.pdf b/2013/2013.05.20.Operation_Hangover/Norman_HangOver report_Executive Summary_042513.pdf
similarity index 100%
rename from 2013/Norman_HangOver report_Executive Summary_042513.pdf
rename to 2013/2013.05.20.Operation_Hangover/Norman_HangOver report_Executive Summary_042513.pdf
diff --git a/2013/Unveiling an Indian Cyberattack Infrastructure - appendixes.pdf b/2013/2013.05.20.Operation_Hangover/Unveiling an Indian Cyberattack Infrastructure - appendixes.pdf
similarity index 100%
rename from 2013/Unveiling an Indian Cyberattack Infrastructure - appendixes.pdf
rename to 2013/2013.05.20.Operation_Hangover/Unveiling an Indian Cyberattack Infrastructure - appendixes.pdf
diff --git a/2013/2013.05.20.Operation_Hangover/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf b/2013/2013.05.20.Operation_Hangover/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf
new file mode 100644
index 0000000..811937c
Binary files /dev/null and b/2013/2013.05.20.Operation_Hangover/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf differ
diff --git a/README.md b/README.md
index 6817258..a1fc38f 100644
--- a/README.md
+++ b/README.md
@@ -670,8 +670,7 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
 * Jun 01 - [Crude Faux: An analysis of cyber conflict within the oil & gas industries](https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2013-9.pdf)
 * Jun ?? - [The Chinese Malware Complexes: The Maudi Surveillance Operation](https://bluecoat.com/documents/download/2c832f0f-45d2-4145-bdb7-70fc78c22b0f&ei=ZGP-VMCbMsuxggSThYDgDg&usg=AFQjCNFjXSkn_AIiXge1X9oWZHzQOiNDJw&sig2=B6e2is0sCnGEbLPL9q0eZg&bvm=bv.87611401,d.eXY)
 * May 30 - [TR-14 - Analysis of a stage 3 Miniduke malware sample](http://www.circl.lu/pub/tr-14/)
-* May ?? - [Operation Hangover](https://www.bluecoat.com/security-blog/2013-05-20/hangover-report)
-* Apr 24 - [Operation Hangover](http://normanshark.com/pdf/Norman_HangOver%20report_Executive%20Summary_042513.pdf)
+* May 20 - [[Norman] OPERATION HANGOVER: Unveiling an Indian Cyberattack Infrastructure](http://www.thecre.com/fnews/wp-content/uploads/2013/05/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf) | [Local](../../blob/master/2013/2013.05.20.Operation_Hangover)
 * Apr 21 - [[Bitdefender] MiniDuke - The Final Cut](http://labs.bitdefender.com/2013/04/miniduke-the-final-cut) | [Local](../../blob/master/2013/2013.04.21.MiniDuke)
 * Apr 13 - [[Kaspersky] "Winnti" More than just a game](http://www.securelist.com/en/downloads/vlpdfs/winnti-more-than-just-a-game-130410.pdf) | [Local](../../blob/master/2013/2013.04.13.Winnti) 
 * Apr 01 - [Trojan.APT.BaneChant](http://www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html)