diff --git a/mail_to_misp_config.py-example b/mail_to_misp_config.py-example
index 80f0f94..9b00b41 100644
--- a/mail_to_misp_config.py-example
+++ b/mail_to_misp_config.py-example
@@ -31,13 +31,13 @@ noidsflaglist = ( 'myexternalip.com', 'ipinfo.io', 'icanhazip.com', 'wtfismyip
 )
 # Stop parsing when this term is found
-stopword = b'Whois & IP Information'
+stopword = 'Whois & IP Information'
 # Ignore lines in body of message containing:
-ignorelist = ( ".*From: .*\n?", ".*Sender: .*\n?", ".*Received: .*\n?", ".*Sender IP: .*\n?",
- ".*Reply-To: .*\n?", ".*Registrar WHOIS Server: .*\n?", ".*Registrar: .*\n?",
- ".*Domain Status: .*\n?", ".*Registrant Email: .*\n?", ".*IP Location: .*\n?"
- )
+ignorelist = (".*From: .*\n?", ".*Sender: .*\n?", ".*Received: .*\n?", ".*Sender IP: .*\n?",
+ ".*Reply-To: .*\n?", ".*Registrar WHOIS Server: .*\n?", ".*Registrar: .*\n?",
+ ".*Domain Status: .*\n?", ".*Registrant Email: .*\n?", ".*IP Location: .*\n?",
+ ".*X-Get-Message-Sender-Via: .*\n?", ".*X-Authenticated-Sender: .*\n")
 # Remove "[tags]", "Re: ", "Fwd: " from subject
 removelist = ("[\(\[].*?[\)\]]", "Re: ", "Fwd: ")
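Review bot: The new `".*X-Authenticated-Sender: .*\n"` entry demands a trailing newline while every other ignorelist pattern ends in `\n?`, so a body whose final line is that header keeps it and the sender address on it can still reach the indicator extraction; `".*X-Authenticated-Sender: .*\n?"` matches the rest of the tuple. The stopword change from `b'...'` to `'...'` presumably tracks a parser that now works on decoded text, but that parser is not in this diff, and in Python 3 testing a str against a bytes body raises TypeError rather than silently failing, so config and parser need to land together. A comment above ignorelist such as `# str regexes, applied line-wise to the decoded message body` would make that contract explicit for anyone copying this example into a live config.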
@@ -51,15 +51,21 @@ tlptags = { 'tlp:amber': [ 'tlp:amber', 'tlp: amber', 'tlp amber' ],
 tlptag_default = sorted(tlptags.keys())[0]
 malwaretags = { 'locky': [ 'ecsirt:malicious-code="ransomware"', 'misp-galaxy:ransomware="Locky"' ],
+ 'jaff': [ 'ecsirt:malicious-code="ransomware"', 'misp-galaxy:ransomware="Jaff"' ],
 'dridex': [ 'misp-galaxy:tool="dridex"' ],
- 'netwire': [ 'Netwire RAT' ]
+ 'netwire': [ 'Netwire RAT' ],
+ 'Pony': [ 'misp-galaxy:tool="Hancitor"' ],
+ 'ursnif': [ 'misp-galaxy:tool="Snifula"' ],
+ 'NanoCore': [ 'misp-galaxy:tool="NanoCoreRAT"' ],
+ 'trickbot': [ 'misp-galaxy:tool="Trick Bot"' ]
 }
+
 # Tags to be set depending on the presence of other tags
 dependingtags = { 'tlp:white': [ 'circl:osint-feed' ] }
 # Known identifiers for forwarded messages
-forward_identifiers = { b'-------- Forwarded Message --------', b'Begin forwarded message:' }
+forward_identifiers = { '-------- Forwarded Message --------', 'Begin forwarded message:' }
 # Tags to add when hashes are found (e.g. to do automatic expansion)
 hash_only_tags = { 'TODO:VT-ENRICHMENT' }
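Review bot: The added malwaretags keys mix case ('Pony', 'NanoCore' next to 'locky', 'dridex', 'trickbot'); if the parser matches these keys case-sensitively against a lowercased body the capitalised ones would never fire and those reports would be imported without the family tag — the matching code is not in this diff, so this needs confirming, and lowercasing the keys is the safe choice either way. The 'Pony' entry tags with `misp-galaxy:tool="Hancitor"`, a distinct family that has been reported as a dropper for Pony; if that mapping is intentional, a one-line comment on that entry saying the keyword is tagged by its observed delivery chain would stop a later maintainer from "correcting" it. forward_identifiers moves from bytes to str here exactly as stopword does in the previous hunk, so the same assumption about a decoded body applies to both.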