diff --git a/2019/2019.04.17.Aggah_Campaign/Aggah Campaign_ Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign.pdf b/2019/2019.04.17.Aggah_Campaign/Aggah Campaign_ Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign.pdf
new file mode 100644
index 0000000..5d42a45
Binary files /dev/null and b/2019/2019.04.17.Aggah_Campaign/Aggah Campaign_ Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign.pdf differ
diff --git a/README.md b/README.md
index ecbda1c..fb8c20a 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,7 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
 * [APT_REPORT collected by @blackorbird](https://github.com/blackorbird/APT_REPORT)
 
 ## 2019
+* Apr 17 - [[Palo Alto Networks] Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign](https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign/) | [Local](../../blob/master/2019/2019.04.17.Aggah_Campaign)
 * Apr 17 - [[CISCO] DNS Hijacking Abuses Trust In Core Internet Service](https://blog.talosintelligence.com/2019/04/seaturtle.html) | [Local](../../blob/master/2019/2019.04.17.Operation_Sea_Turtle)
 * Apr 10 - [[CheckPoint] The Muddy Waters of APT Attacks](https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/) | [Local](../../blob/master/2019/2019.04.10.Muddy_Waters)
 * Apr 10 - [[Kaspersky] Project TajMahal – a sophisticated new APT framework](https://securelist.com/project-tajmahal/90240/) | [Local](../../blob/master/2019/2019.04.10.Project_TajMahal)