diff --git a/rules/proxy/proxy_ua_malware.yml b/rules/proxy/proxy_ua_malware.yml
index 2d61e65ab..b7f328c85 100644
--- a/rules/proxy/proxy_ua_malware.yml
+++ b/rules/proxy/proxy_ua_malware.yml
@@ -51,6 +51,9 @@ detection:
 - 'Mozilla/4.0 (compatible; MSIE 6.1; Windows NT)' # https://goo.gl/g43qjs
 - 'Mozilla/4.0(compatible; MSIE 6.0; Windows NT 5.1)' # MacControl malware https://goo.gl/sqY3Ja https://www.symantec.com/connect/blogs/osxmacontrol-back-it-again
 - 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)' # used by Zebrocy malware https://app.any.run/tasks/7d7fa4a0-6970-4428-828b-29572abf9ceb/
+ # Ursnif
+ - 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0; Win64; x64)'
+ - 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64)'
 # Others
 - '* pxyscand*'
 - '* asd'
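Review bot: The two Ursnif entries are added without a source reference, while the context entries just above them each carry an inline link to the report or sandbox run, so an analyst triaging a hit cannot trace these strings back to a sample. I would put the source on each line, e.g. `- 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0; Win64; x64)' # Ursnif <REFERENCE_URL placeholder>`. The `Windows NT 6.1` variant is also close to what a genuine 64-bit IE8 on Windows 7 would send (which normally also carries a `Trident/4.0` token), so it is worth confirming these values are matched exactly and listing legacy IE8 hosts under the rule's `falsepositives`. The selection's field name and the rest of the `detection` block sit outside this hunk, so the match semantics are inferred from the wildcard style of the `# Others` entries.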