diff --git a/2021/2021.11.04.Gamaredon_Armageddon_Group/Technical report Armagedon.pdf b/2021/2021.11.04.Gamaredon_Armageddon_Group/Technical report Armagedon.pdf
new file mode 100644
index 0000000..84c7e69
Binary files /dev/null and b/2021/2021.11.04.Gamaredon_Armageddon_Group/Technical report Armagedon.pdf differ
diff --git a/README.md b/README.md
index 8fbc674..f3b5a2f 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,8 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
 :small_blue_diamond: [vx-underground](https://vx-underground.org/apts.html) <br>
 
 ## 2021
-* Oct 19 - [[CrowdStrike] LightBasin: A Roaming Threat to Telecommunications Companies](https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/) | [:closed_book:](../../blob/master/2021/021.10.19.UNC1945_LightBasin)
+* Nov 04 - [[SSU] Gamaredon Armageddon Group](https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf) | [:closed_book:](../../blob/master/2021/2021.11.04.Gamaredon_Armageddon_Group)
+* Oct 19 - [[CrowdStrike] LightBasin: A Roaming Threat to Telecommunications Companies](https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/) | [:closed_book:](../../blob/master/2021/2021.10.19.UNC1945_LightBasin)
 * Oct 26 - [[JPCERT] Malware WinDealer used by LuoYu Attack Group](https://blogs.jpcert.or.jp/en/2021/10/windealer.html) | [:closed_book:](../../blob/master/2021/2021.10.26.WinDealer_LuoYu_Group)
 * Oct 19 - [[Proofpoint] Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant](https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant) | [:closed_book:](../../blob/master/2021/2021.10.19.TA505_New_FlawedGrace)
 * Oct 19 - [[Trend Micro] PurpleFox Adds New Backdoor That Uses WebSockets](https://www.trendmicro.com/en_us/research/21/j/purplefox-adds-new-backdoor-that-uses-websockets.html) | [:closed_book:](../../blob/master/2021/2021.10.19.PurpleFox)