diff --git a/sorillus/README.md b/sorillus/README.md new file mode 100644 index 0000000..068c9a5 --- /dev/null +++ b/sorillus/README.md @@ -0,0 +1,7 @@ +In March 2025, our Managed Threat Detection teams in Belgium identified a malicious infection chain leading to the delivery of a Remote Access Trojan (RAT) impacting one of our clients. Upon further analysis from Orange Cyberdefense CERT, a larger campaign impacting European organizations located in Spain, Portugal, Italy, France, Belgium and the Netherlands was discovered. + +The threat actors behind this infection chain cluster relies on invoice-themed phishing for initial access and delivers a .jar file which corresponds to a version of Sorillus RAT. + +The campaign was also covered in early May by Fortinet, which dubbed the malware “Ratty RAT”. Sorillus has also been previously detailed by Abnormal AI and eSentire. + +Full article: https://www.orangecyberdefense.com/global/blog/cert-news/from-sambaspy-to-sorillus-dancing-through-a-multi-language-phishing-campaign-in-europe
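Review bot: The README describes the campaign but never says what the sorillus/ directory itself contains, which is the main thing a reader of a repository README needs; a one-line statement of the artifacts shipped alongside it (for example the detection rules, hashes or samples the blog post refers to, if that is what the folder holds) would make the entry self-describing instead of relying on the external link. Two smaller points in the same hunk: the sentence "The threat actors behind this infection chain cluster relies on invoice-themed phishing" has a subject/verb disagreement and should read "rely on"; and the references to Fortinet, Abnormal AI and eSentire are given by name only, so adding the URLs next to the existing "Full article" link would let readers verify the "Ratty RAT" naming and the earlier Sorillus write-ups directly.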