diff --git a/2017/2017.07.27.Operation_Wilted_Tulip/Operation_Wilted_Tulip (1).pdf b/2017/2017.07.27.Operation_Wilted_Tulip/Operation_Wilted_Tulip (1).pdf
new file mode 100644
index 0000000..41d99c9
Binary files /dev/null and b/2017/2017.07.27.Operation_Wilted_Tulip/Operation_Wilted_Tulip (1).pdf differ
diff --git a/README.md b/README.md
index acbb5f9..1504e0a 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,7 @@ Please fire issue to me if any lost of APT/Malware events/campaigns.
 * [targetedthreats](https://github.com/botherder/targetedthreats/wiki/Reports)
 
 ## 2017
+* Jul 27 - [Operation Wilted Tulip](http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf) | [Local](../../blob/master/2017/2017.07.27.Operation_Wilted_Tulip) 
 * Jul 24 - [“Tick” Group Continues Attacks](https://researchcenter.paloaltonetworks.com/2017/07/unit42-tick-group-continues-attacks/) | [Local](../../blob/master/2017/2017.07.24.Tick_group) 
 * Jul 18 - [Recent Winnti Infrastructure and Samples](http://www.clearskysec.com/winnti/) | [Local](../../blob/master/2017/2017.07.18.winnti) 
 * Jul 11 - [Winnti Evolution - Going Open Source](https://www.protectwise.com/blog/winnti-evolution-going-open-source.html) | [Local](../../blob/master/2017/2017.07.11.winnti-evolution-going-open-source)