diff --git a/rules/proxy/proxy_ua_malware.yml b/rules/proxy/proxy_ua_malware.yml
index eefd0d24c..cc8af12e5 100644
--- a/rules/proxy/proxy_ua_malware.yml
+++ b/rules/proxy/proxy_ua_malware.yml
@@ -46,6 +46,7 @@ detection:
         - 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)'  # Fareit
         - 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)'  # Webshell's back connect
         - 'MSIE'  # Toby web shell
+        - '*(Charon; Inferno)'  # Loki Bot
 
         # Others 
         - '* pxyscand*'