diff --git a/2019/2019.09.05.UPSynergy/UPSynergy_ Chinese-American Spy vs. Spy Story.pdf b/2019/2019.09.05.UPSynergy/UPSynergy_ Chinese-American Spy vs. Spy Story.pdf
new file mode 100644
index 0000000..082c1df
Binary files /dev/null and b/2019/2019.09.05.UPSynergy/UPSynergy_ Chinese-American Spy vs. Spy Story.pdf differ
diff --git a/2019/2019.09.05.UPSynergy/samples/0b28433a2b7993da65e95a45c2adf7bc37edbd2a8db717b85666d6c88140698a.zip b/2019/2019.09.05.UPSynergy/samples/0b28433a2b7993da65e95a45c2adf7bc37edbd2a8db717b85666d6c88140698a.zip
new file mode 100644
index 0000000..ae5bf75
Binary files /dev/null and b/2019/2019.09.05.UPSynergy/samples/0b28433a2b7993da65e95a45c2adf7bc37edbd2a8db717b85666d6c88140698a.zip differ
diff --git a/README.md b/README.md
index 9594814..4969885 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,7 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
 
 ## 2019
 * Aug 31 - [[CyberThreatIntel] Malware analysis on Bitter APT campaign](https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/offshore%20APT%20organization/Bitter/27-08-19/Malware%20analysis%2031-08-19.md) | [:closed_book:](../../blob/master/2019/2019.08.31.Bitter_APT_Malware_analysis)
+* Aug 29 - [[Trend Micro] ‘Heatstroke’ Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information](https://blog.trendmicro.com/trendlabs-security-intelligence/heatstroke-campaign-uses-multistage-phishing-attack-to-steal-paypal-and-credit-card-information/) | [:closed_book:](../../blob/master/2019/2019.08.29.SectorJ04_2019)
 * Aug 29 - [[IBM] More_eggs, Anyone? Threat Actor ITG08 Strikes Again](https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/) | [:closed_book:](../../blob/master/2019/2019.08.29.FIN6_ITG08)
 * Aug 29 - [[NSHC] SectorJ04 Group’s Increased Activity in 2019](https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/) | [:closed_book:](../../blob/master/2019/2019.08.29.SectorJ04_2019)
 * Aug 27 - [[Dell] LYCEUM Takes Center Stage in Middle East Campaign](https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign) | [:closed_book:](../../blob/master/2019/2019.08.27.LYCEUM_threat_group)