diff --git a/2017/2017.06.14.KASPERAGENT/KASPERAGENT.pdf b/2017/2017.06.14.KASPERAGENT/KASPERAGENT.pdf new file mode 100644 index 0000000..84a3bfd Binary files /dev/null and b/2017/2017.06.14.KASPERAGENT/KASPERAGENT.pdf differ diff --git a/2017/2017.06.15.north-korea-cyber-activity/North Korea Is Not Crazy.pdf b/2017/2017.06.15.north-korea-cyber-activity/North Korea Is Not Crazy.pdf new file mode 100644 index 0000000..b876f0f Binary files /dev/null and b/2017/2017.06.15.north-korea-cyber-activity/North Korea Is Not Crazy.pdf differ diff --git a/2017/2017.09.20.CCleanup_C2/CCleaner_C2.pdf b/2017/2017.09.20.CCleanup_C2/CCleaner_C2.pdf new file mode 100644 index 0000000..989b0fb Binary files /dev/null and b/2017/2017.09.20.CCleanup_C2/CCleaner_C2.pdf differ diff --git a/README.md b/README.md index ae195a4..eafc724 100644 --- a/README.md +++ b/README.md 
@@ -19,6 +19,7 @@ Please fire issue to me if any lost of APT/Malware events/campaigns. * Sep 28 - [[Palo Alto Networks] Threat Actors Target Government of Belarus Using CMSTAR Trojan](https://researchcenter.paloaltonetworks.com/2017/09/unit42-threat-actors-target-government-belarus-using-cmstar-trojan/) | [Local](../../blob/master/2017/2017.09.28.Belarus_CMSTAR_Trojan) * Sep 20 - [[intezer] Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner](http://www.intezer.com/evidence-aurora-operation-still-active-supply-chain-attack-through-ccleaner/) | [Local](../../blob/master/2017/2017.09.20.Aurora_Operation_CCleaner) * Sep 20 - [[FireEye] Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware](https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html) | [Local](../../blob/master/2017/2017.09.20.apt33-insights-into-iranian-cyber-espionage) +* Sep 20 - [[CISCO] CCleaner Command and Control Causes Concern](http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html) | [Local](../../blob/master/2017/2017.09.18.CCleanup) * Sep 18 - [[CISCO] CCleanup: A Vast Number of Machines at Risk](http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html) | [Local](../../blob/master/2017/2017.09.18.CCleanup) * Sep 12 - [[FireEye] FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY](https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html) | [Local](../../blob/master/2017/2017.09.12.FINSPY_CVE-2017-8759) * Sep 06 - [[Symantec] Dragonfly: Western energy sector targeted by sophisticated attack group](https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group) | [Local](../../blob/master/2017/2017.09.06.dragonfly-western-energy-sector-targeted-sophisticated-attack-group) 
@@ -43,6 +44,8 @@ Please fire issue to me if any lost of APT/Malware events/campaigns. * Jun 22 - [[Palo Alto Networks] The New and Improved macOS Backdoor from OceanLotus](https://researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-backdoor-oceanlotus/) | [Local](../../blob/master/2017/2017.06.22.new-improved-macos-backdoor-oceanlotus) * Jun 22 - [[Trend Micro] Following the Trail of BlackTech’s Cyber Espionage Campaigns](http://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/) | [Local](../../blob/master/2017/2017.06.22.following-trail-blacktech-cyber-espionage-campaigns) * Jun 19 - [[root9B] SHELLTEA + POSLURP MALWARE: memory resident point-of-sale malware attacks industry](https://www.root9b.com/sites/default/files/whitepapers/PoS%20Malware%20ShellTea%20PoSlurp_0.pdf) | [Local](../../blob/master/2017/2017.06.19.SHELLTEA_POSLURP_MALWARE) +* Jun 15 - [[Recorded Future] North Korea Is Not Crazy](https://www.recordedfuture.com/north-korea-cyber-activity/) | [Local](../../blob/master/2017/2017.06.15.north-korea-cyber-activity) +* Jun 14 - [[ThreatConnect] KASPERAGENT Malware Campaign resurfaces in the run up to May Palestinian Authority Elections](https://www.threatconnect.com/blog/kasperagent-malware-campaign/) | [Local](../../blob/master/2017/2017.06.14.KASPERAGENT) * Jun 13 - [[Dragos] CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations](https://dragos.com/blog/crashoverride/CrashOverride-01.pdf) | [Local](../../blob/master/2017/2017.06.13.CRASHOVERRIDE) * Jun 13 - [[US-CERT] HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure](https://www.us-cert.gov/ncas/alerts/TA17-164A) | [Local](../../blob/master/2017/2017.06.13.HIDDEN_COBRA) * May 30 - [[Group-IB] Lazarus Arisen: Architecture, Techniques and Attribution](http://www.group-ib.com/lazarus.html) | [Local](../../blob/master/2017/2017.05.30.Lazarus_Arisen)
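Review bot: In the first README.md hunk, the added "Sep 20 - [[CISCO] CCleaner Command and Control Causes Concern]" entry points its Local link at `../../blob/master/2017/2017.09.18.CCleanup`, which is the directory of the Sep 18 CCleanup entry directly below it. This patch adds the report as `2017/2017.09.20.CCleanup_C2/CCleaner_C2.pdf`, so the Local link should be `../../blob/master/2017/2017.09.20.CCleanup_C2`. As written, the new entry never leads to the PDF it introduces.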
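Review bot: The new binary `2017/2017.06.15.north-korea-cyber-activity/North Korea Is Not Crazy.pdf` has spaces in its file name, unlike the other two PDFs added in this patch (`KASPERAGENT.pdf`, `CCleaner_C2.pdf`). Consider renaming it without spaces, for example `North_Korea_Is_Not_Crazy.pdf`, so the path needs no quoting or URL-encoding. The Jun 15 README entry in the second hunk links only to the directory, so it would not need to change.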