From 44916609435b0cf1fee3b1a94bc354374d229a4b Mon Sep 17 00:00:00 2001
From: StrangerealIntel <54320855+StrangerealIntel@users.noreply.github.com>
Date: Mon, 9 Sep 2019 15:23:18 +0200
Subject: [PATCH] Update Malware analysis 27-08-19.md

---
 Indian/APT/Patchwork/27-08-19/Malware analysis 27-08-19.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Indian/APT/Patchwork/27-08-19/Malware analysis 27-08-19.md b/Indian/APT/Patchwork/27-08-19/Malware analysis 27-08-19.md
index f5fc82f..c3f53fa 100644
--- a/Indian/APT/Patchwork/27-08-19/Malware analysis 27-08-19.md	
+++ b/Indian/APT/Patchwork/27-08-19/Malware analysis 27-08-19.md	
@@ -32,7 +32,7 @@
 ###### At the date of the submission in VT, the C2 is down and the next step can't be analysed.
 ## Cyber kill chain <a name="Cyber-kill-chain"></a>
 ###### The process graph resume the cyber kill chain used by the attacker.
-![alt text]()
+![alt text](https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/Indian/APT/Patchwork/27-08-19/Images/Cyber.png "")
 ## Cyber Threat Intel <a name="Cyber-Threat-Intel"></a>
 ###### Firstly, we can observe that the payload seems be with the Professional version of Inpage (2.21). Inpage is currently used in Pakistan which is consistent with the fact that Patchwork is an Indian APT.
 ###### Secondly, we can note the same pdb path what the 360TI analysis.