diff --git a/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_1/0e0094d9bd396a6594da8e21911a3982cd737b445f591581560d766755097d92.zip b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_1/0e0094d9bd396a6594da8e21911a3982cd737b445f591581560d766755097d92.zip
new file mode 100644
index 0000000..2dcdc1f
Binary files /dev/null and b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_1/0e0094d9bd396a6594da8e21911a3982cd737b445f591581560d766755097d92.zip differ
diff --git a/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_1/50ac4fcd3fbc8abcaa766449841b3a0a684b3e217fc40935f1ac22c34c58a9ec.zip b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_1/50ac4fcd3fbc8abcaa766449841b3a0a684b3e217fc40935f1ac22c34c58a9ec.zip
new file mode 100644
index 0000000..3757182
Binary files /dev/null and b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_1/50ac4fcd3fbc8abcaa766449841b3a0a684b3e217fc40935f1ac22c34c58a9ec.zip differ
diff --git a/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_1/hash.txt b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_1/hash.txt
new file mode 100644
index 0000000..c6d9c43
--- /dev/null
+++ b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_1/hash.txt
@@ -0,0 +1,2 @@
+50ac4fcd3fbc8abcaa766449841b3a0a684b3e217fc40935f1ac22c34c58a9ec
+0e0094d9bd396a6594da8e21911a3982cd737b445f591581560d766755097d92
diff --git a/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/0649fda8888d701eb2f91e6e0a05a2e2be714f564497c44a3813082ef8ff250b.zip b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/0649fda8888d701eb2f91e6e0a05a2e2be714f564497c44a3813082ef8ff250b.zip
new file mode 100644
index 0000000..38785dd
Binary files /dev/null and b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/0649fda8888d701eb2f91e6e0a05a2e2be714f564497c44a3813082ef8ff250b.zip differ
diff --git a/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/37e29b0ea7a9b97597385a12f525e13c3a7d02ba4161a6946f2a7d978cc045b4.zip b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/37e29b0ea7a9b97597385a12f525e13c3a7d02ba4161a6946f2a7d978cc045b4.zip
new file mode 100644
index 0000000..16d05da
Binary files /dev/null and b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/37e29b0ea7a9b97597385a12f525e13c3a7d02ba4161a6946f2a7d978cc045b4.zip differ
diff --git a/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/4b03288e9e44d214426a02327223b5e516b1ea29ce72fa25a2fcef9aa65c4b0b.zip b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/4b03288e9e44d214426a02327223b5e516b1ea29ce72fa25a2fcef9aa65c4b0b.zip
new file mode 100644
index 0000000..3b490d9
Binary files /dev/null and b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/4b03288e9e44d214426a02327223b5e516b1ea29ce72fa25a2fcef9aa65c4b0b.zip differ
diff --git a/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/776cb9a7a9f5afbaffdd4dbd052c6420030b2c7c3058c1455e0a79df0e6f7a1d.zip b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/776cb9a7a9f5afbaffdd4dbd052c6420030b2c7c3058c1455e0a79df0e6f7a1d.zip
new file mode 100644
index 0000000..8944963
Binary files /dev/null and b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/776cb9a7a9f5afbaffdd4dbd052c6420030b2c7c3058c1455e0a79df0e6f7a1d.zip differ
diff --git a/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/8a20dc9538d639623878a3d3d18d88da8b635ea52e5e2d0c2cce4a8c5a703db1.zip b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/8a20dc9538d639623878a3d3d18d88da8b635ea52e5e2d0c2cce4a8c5a703db1.zip
new file mode 100644
index 0000000..79e8521
Binary files /dev/null and b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/8a20dc9538d639623878a3d3d18d88da8b635ea52e5e2d0c2cce4a8c5a703db1.zip differ
diff --git a/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/9683b04123d7e9fe4c8c26c69b09c2233f7e1440f828837422ce330040782d17.zip b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/9683b04123d7e9fe4c8c26c69b09c2233f7e1440f828837422ce330040782d17.zip
new file mode 100644
index 0000000..dfc3e3c
Binary files /dev/null and b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/9683b04123d7e9fe4c8c26c69b09c2233f7e1440f828837422ce330040782d17.zip differ
diff --git a/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/9eb6c779dbad1b717caa462d8e040852759436ed79cc2172692339bc62432387.zip b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/9eb6c779dbad1b717caa462d8e040852759436ed79cc2172692339bc62432387.zip
new file mode 100644
index 0000000..bf5fbee
Binary files /dev/null and b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/9eb6c779dbad1b717caa462d8e040852759436ed79cc2172692339bc62432387.zip differ
diff --git a/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/d6097e942dd0fdc1fb28ec1814780e6ecc169ec6d24f9954e71954eedbc4c70e.zip b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/d6097e942dd0fdc1fb28ec1814780e6ecc169ec6d24f9954e71954eedbc4c70e.zip
new file mode 100644
index 0000000..cb15c0d
Binary files /dev/null and b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/d6097e942dd0fdc1fb28ec1814780e6ecc169ec6d24f9954e71954eedbc4c70e.zip differ
diff --git a/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/hash.txt b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/hash.txt
new file mode 100644
index 0000000..dda7f60
--- /dev/null
+++ b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_2/hash.txt
@@ -0,0 +1,8 @@
+9683b04123d7e9fe4c8c26c69b09c2233f7e1440f828837422ce330040782d17
+d6097e942dd0fdc1fb28ec1814780e6ecc169ec6d24f9954e71954eedbc4c70e
+4b03288e9e44d214426a02327223b5e516b1ea29ce72fa25a2fcef9aa65c4b0b
+9eb6c779dbad1b717caa462d8e040852759436ed79cc2172692339bc62432387
+37e29b0ea7a9b97597385a12f525e13c3a7d02ba4161a6946f2a7d978cc045b4
+776cb9a7a9f5afbaffdd4dbd052c6420030b2c7c3058c1455e0a79df0e6f7a1d
+8a20dc9538d639623878a3d3d18d88da8b635ea52e5e2d0c2cce4a8c5a703db1
+0649fda8888d701eb2f91e6e0a05a2e2be714f564497c44a3813082ef8ff250b
diff --git a/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_3/afd281639e26a717aead65b1886f98d6d6c258736016023b4e59de30b7348719.zip b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_3/afd281639e26a717aead65b1886f98d6d6c258736016023b4e59de30b7348719.zip
new file mode 100644
index 0000000..6c4bdd0
Binary files /dev/null and b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_3/afd281639e26a717aead65b1886f98d6d6c258736016023b4e59de30b7348719.zip differ
diff --git a/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_3/f8286e29faa67ec765ae0244862f6b7914fcdde10423f96595cb84ad5cc6b344.zip b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_3/f8286e29faa67ec765ae0244862f6b7914fcdde10423f96595cb84ad5cc6b344.zip
new file mode 100644
index 0000000..c137beb
Binary files /dev/null and b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_3/f8286e29faa67ec765ae0244862f6b7914fcdde10423f96595cb84ad5cc6b344.zip differ
diff --git a/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_3/hash.txt b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_3/hash.txt
new file mode 100644
index 0000000..12232ff
--- /dev/null
+++ b/2018/2018.05.23.New_VPNFilter/Malware_VPNFilter/Stage_3/hash.txt
@@ -0,0 +1,2 @@
+f8286e29faa67ec765ae0244862f6b7914fcdde10423f96595cb84ad5cc6b344
+afd281639e26a717aead65b1886f98d6d6c258736016023b4e59de30b7348719
diff --git a/2018/2018.05.23.New_VPNFilter/VPNFilter.pdf b/2018/2018.05.23.New_VPNFilter/VPNFilter.pdf
new file mode 100644
index 0000000..19c3d4b
Binary files /dev/null and b/2018/2018.05.23.New_VPNFilter/VPNFilter.pdf differ
diff --git a/README.md b/README.md
index 17669e3..d3a0a24 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
 * [APT search](https://cse.google.com/cse/publicurl?cx=003248445720253387346:turlh5vi4xc)
 
 ## 2018
+* May 23 - [[CISCO] New VPNFilter malware targets at least 500K networking devices worldwide](https://blog.talosintelligence.com/2018/05/VPNFilter.html) | [Local](../../blob/master/2018/2018.05.23.New_VPNFilter)
 * May 23 - [[Ahnlab] [KR] Andariel Group Trend Report](http://download.ahnlab.com/kr/site/library/[Report]Andariel_Threat_Group.pdf) | [Local](../../blob/master/2018/2018.05.23.Andariel_Group)
 * May 22 - [[ESET] Turla Mosquito: A shift towards more generic tools](https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools/) | [Local](../../blob/master/2018/2018.05.22.Turla_Mosquito)
 * May 09 - [[Recorded Future] Iran’s Hacker Hierarchy Exposed](https://go.recordedfuture.com/hubfs/reports/cta-2018-0509.pdf) | [Local](../../blob/master/2018/2018.05.09.Iran_Hacker_Hierarchy_Exposed)