diff --git a/2017/2017.12.11.MoneyTaker/Group-IB_MoneyTaker_report.pdf b/2017/2017.12.11.MoneyTaker/Group-IB_MoneyTaker_report.pdf
new file mode 100755
index 0000000..06099e7
Binary files /dev/null and b/2017/2017.12.11.MoneyTaker/Group-IB_MoneyTaker_report.pdf differ
diff --git a/README.md b/README.md
index b9495e6..74bb0d3 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # APT & CyberCriminal Campaign Collection
 
 This is a collection of APT and CyberCriminal campaigns. 
-Please fire issue to me if any lost of APT/Malware events/campaigns. 
+Please fire issue to me if any lost APT/Malware events/campaigns. 
 
 ## Reference Resources
 * [kbandla](https://github.com/kbandla/APTnotes) 
@@ -12,6 +12,7 @@ Please fire issue to me if any lost of APT/Malware events/campaigns.
 * [targetedthreats](https://github.com/botherder/targetedthreats/wiki/Reports)
 
 ## 2017
+* Dec 11 - [[Group-IB] MoneyTaker, revealed after 1.5 years of silent operations.](https://www.group-ib.com/resources/reports/money-taker.html) | [Local](../../blob/master/2017/2017.12.11.MoneyTaker) 
 * Dec 11 - [[Trend Micro] Untangling the Patchwork Cyberespionage Group](http://blog.trendmicro.com/trendlabs-security-intelligence/untangling-the-patchwork-cyberespionage-group/) | [Local](../../blob/master/2017/2017.12.11.Patchwork_APT) 
 * Dec 07 - [[FireEye] New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit](https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html) | [Local](../../blob/master/2017/2017.12.07.New_Targeted_Attack_in_the_Middle_East_by_APT34)
 * Dec 05 - [[ClearSky] Charming Kitten: Iranian Cyber Espionage Against Human Rights Activists, Academic Researchers and Media Outlets – And the HBO Hacker Connection](http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf) | [Local](../../blob/master/2017/2017.12.05.Charming_Kitten)