diff --git a/2017/2017.01.15.Bear_Spotting_Vol.1/TIB-00003_IOC_Domain.txt b/2017/2017.01.15.Bear_Spotting_Vol.1/TIB-00003_IOC_Domain.txt
new file mode 100644
index 0000000..7f0de1d
--- /dev/null
+++ b/2017/2017.01.15.Bear_Spotting_Vol.1/TIB-00003_IOC_Domain.txt
@@ -0,0 +1,22 @@
+## Domain IOC's associated with Russian Nation State Campaigns Targeting Government and Military Interests 
+## Source: www.tr1adx.net
+## Last Updated: 2017-01-15
+##
+af-army.us
+afceaint.org
+webmail-mil.dk
+nato-nevvs.org
+jimin-jp.biz
+jica-go-jp.biz
+mofa-go-jp.com
+turkey-mia.com
+turkey-icisleri.com
+dpko.info
+unausanyc.com
+ausa.info
+mea-gov.in
+mfa-news.com
+defenceinform.com
+middle-eastreview.com
+middle-easterview.com
+foreign-review.com
diff --git a/2017/2017.01.15.Bear_Spotting_Vol.1/[tr1adx]_ Intel.pdf b/2017/2017.01.15.Bear_Spotting_Vol.1/[tr1adx]_ Intel.pdf
new file mode 100644
index 0000000..0620064
Binary files /dev/null and b/2017/2017.01.15.Bear_Spotting_Vol.1/[tr1adx]_ Intel.pdf differ
diff --git a/README.md b/README.md
index 69bef41..6a4cd27 100644
--- a/README.md
+++ b/README.md
@@ -28,6 +28,7 @@ Please fire issue to me if any lost of APT/Malware events/campaigns.
 * Feb 02 - [Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX](https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx) | [Local](../../blob/master/2017/2017.02.02.APT_Targets_Russia_and_Belarus_with_ZeroT_and_PlugX)
 * Jan 30 - [Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments](http://researchcenter.paloaltonetworks.com/2017/01/unit42-downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments/) | [Local](../../blob/master/2017/2017.01.30.downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments)
 * Jan 19 - [URI Terror Attack & Kashmir Protest Themed Spear Phishing Emails Targeting Indian Embassies And Indian Ministry Of External Affairs](https://cysinfo.com/uri-terror-attack-spear-phishing-emails-targeting-indian-embassies-and-indian-mea/) | [Local](../../blob/master/2017/2017.01.19.uri-terror-attack-spear-phishing-emails-targeting-indian-embassies-and-indian-mea)
+* Jan 15 - [Bear Spotting Vol. 1: Russian Nation State Targeting of Government and Military Interests](https://www.tr1adx.net/intel/TIB-00003.html) | [Local](../../blob/master/2017/2017.01.15.Bear_Spotting_Vol.1)
 * Jan 12 - [The “EyePyramid” attacks](https://securelist.com/blog/incidents/77098/the-eyepyramid-attacks/) | [Local](../../blob/master/2017/2017.01.12.EyePyramid.attacks)
 * Jan 11 - [APT28: AT THE CENTER OF THE STORM](https://www.fireeye.com/blog/threat-research/2017/01/apt28_at_the_center.html) | [Local](../../blob/master/2017/2017.01.11.apt28_at_the_center)
 * Jan 09 - [Second Wave of Shamoon 2 Attacks Identified](http://researchcenter.paloaltonetworks.com/2017/01/unit42-second-wave-shamoon-2-attacks-identified/) | [Local](../../blob/master/2017/2017.01.09.second-wave-shamoon-2-attacks-identified)