diff --git a/2017/2017.06.22.new-improved-macos-backdoor-oceanlotus/unit42-new-improved-macos-backdoor-oceanlotus.pdf b/2017/2017.06.22.new-improved-macos-backdoor-oceanlotus/unit42-new-improved-macos-backdoor-oceanlotus.pdf
new file mode 100644
index 0000000..60ba240
Binary files /dev/null and b/2017/2017.06.22.new-improved-macos-backdoor-oceanlotus/unit42-new-improved-macos-backdoor-oceanlotus.pdf differ
diff --git a/README.md b/README.md
index df6e62c..75ac6ca 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,7 @@ Please fire issue to me if any lost of APT/Malware events/campaigns.
 * [threat-INTel](https://github.com/fdiskyou/threat-INTel)
 
 ## 2017
+* Jun 22 - [The New and Improved macOS Backdoor from OceanLotus](https://researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-backdoor-oceanlotus/) | [Local](../../blob/master/2017/2017.06.22.new-improved-macos-backdoor-oceanlotus)
 * Jun 22 - [Following the Trail of BlackTech’s Cyber Espionage Campaigns](http://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/) | [Local](../../blob/master/2017/2017.06.22.following-trail-blacktech-cyber-espionage-campaigns)
 * Jun 19 - [SHELLTEA + POSLURP MALWARE: memory resident point-of-sale malware attacks industry](https://www.root9b.com/sites/default/files/whitepapers/PoS%20Malware%20ShellTea%20PoSlurp_0.pdf) | [Local](../../blob/master/2017/2017.06.19.SHELLTEA_POSLURP_MALWARE)
 * Jun 13 - [CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations](https://dragos.com/blog/crashoverride/CrashOverride-01.pdf) | [Local](../../blob/master/2017/2017.06.13.CRASHOVERRIDE)