diff --git a/Pakistan/APT/Gorgon/23-08-19/Malware analysis 25-08-19.md b/Pakistan/APT/Gorgon/23-08-19/Malware analysis 25-08-19.md
index 9679961..bd61b9f 100644
--- a/Pakistan/APT/Gorgon/23-08-19/Malware analysis 25-08-19.md
+++ b/Pakistan/APT/Gorgon/23-08-19/Malware analysis 25-08-19.md
@@ -15,7 +15,7 @@
* [Links](#Links)
+ [Original Tweet](#Original-Tweet)
+ [Link Anyrun](#Links-Anyrun)
- + [Ref previous analysis](#Documents)
+ + [Documents](#Documents)
## Malware-analysis
### Initial vector
@@ -113,7 +113,7 @@
#### The troubling case of the Hagga account
###### Like reported by me, the 15th May 2019 [(Link)](https://twitter.com/Arkbird_SOLG/status/1128696982783123457) after analysing the sample request of [JAMESWT_MHT](https://twitter.com/JAMESWT_MHT), this recurrent account have use pastebin as malware provider and drop many times different RAT and used each times the same tool obfuscating the strings with escape function and the "MySexoPhone" reference.
-###### As reported by [Dodge This Security](https://twitter.com/shotgunner101) in this tweet [(link)](https://twitter.com/shotgunner101/status/1128753406259138560) and by cyberbit analysis some troubling timeline and malware used in the campaign and hosted by Hagga account. This can be proved this involvement in the Gorgon group.
+###### As reported by [Dodge This Security](https://twitter.com/shotgunner101) in this tweet [(Link)](https://twitter.com/shotgunner101/status/1128753406259138560) and by cyberbit analysis some troubling timeline and malware used in the campaign and hosted by Hagga account. This can be proved this involvement in the Gorgon group.
###### Additionnal references :
* [HONKONE_K tweet about Gorgon group](https://twitter.com/HONKONE_K/status/1141181664296501252)
* [Revenge RAT dropped by Hagga account](https://twitter.com/Arkbird_SOLG/status/1159862633916506112)