From 058d719e2ba465db00a96ac7bc4859aad13bb084 Mon Sep 17 00:00:00 2001
From: Florian Roth <florian.roth@bsk-consulting.de>
Date: Mon, 12 Feb 2018 10:08:32 +0100
Subject: [PATCH] Rule update: Proxy UA > Loki Bot

---
 rules/proxy/proxy_ua_malware.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rules/proxy/proxy_ua_malware.yml b/rules/proxy/proxy_ua_malware.yml
index eefd0d24c..cc8af12e5 100644
--- a/rules/proxy/proxy_ua_malware.yml
+++ b/rules/proxy/proxy_ua_malware.yml
@@ -46,6 +46,7 @@ detection:
         - 'Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)'  # Fareit
         - 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)'  # Webshell's back connect
         - 'MSIE'  # Toby web shell
+        - '*(Charon; Inferno)'  # Loki Bot
 
         # Others 
         - '* pxyscand*'