MiscreantPunch.INFO.EXEInsideOfDoc.1;Target:0;(0);D0CF11E0A1B11AE1*004f0062006a0049006e0066006f00*4d5a{19-}21546869732070726f6772616d20
MiscreantPunch.INFO.EXEInsideOfDoc.2;Target:0;(0);D0CF11E0A1B11AE1*004f006c006500310030004e0061007400690076006500*4d5a{19-}546869732070726f6772616d20
MiscreantPunch.INFO.JARInsideOfDoc.1;Target:0;(0);D0CF11E0A1B11AE1*004f006c006500310030004e0061007400690076006500*504b*4d4554412d494e462f4d414e49464553542e4d46*2e636c617373504b
MiscreantPunch.INFO.JARInsideOfDoc.2;Target:0;(0);D0CF11E0A1B11AE1*004f0062006a0049006e0066006f00*504b*4d4554412d494e462f4d414e49464553542e4d46*2e636c617373504b
MiscreatePunch.INFO.EXEInsideOfRTF.1;Target:0;(0);7b5c7274*34643561{38-}3534363836393733323037303732366636373732363136643230
MiscreantPunch.INFO.EXEInsideOfDoc.ASASCII.1;Target:2;(0);34643561{38-}3534363836393733323037303732366636373732363136643230
MiscreantPunch.INFO.EXEInsideOfDoc.VBASCII.1;Target:2;(0&1&2);26483444::wai;26483541::wai;0/&H21[\s\r\n]*&H54[\s\r\n]*&H68[\s\r\n]*&H69[\s\r\n]*&H73[\s\r\n]*&H20[\s\r\n]*&H70[\s\r\n]*&H72[\s\r\n]*&H6F[\s\r\n]*&H67[\s\r\n]*&H72[\s\r\n]*&H61[\s\r\n]*&H6D[\s\r\n]*&H20[\s\r\n]*&H63[\s\r\n]*&H61[\s\r\n]*&H6E[\s\r\n]*&H6E[\s\r\n]*&H6F[\s\r\n]*&H74[\s\r\n]*&H20/si
MiscreantPunch.INFO.EXEInsideOfDoc.ASASCII.2;Target:0;(0);48344426616d703b48354126616d703b*48353426616d703b48363826616d703b48363926616d703b48373326616d703b48323026616d703b48373026616d703b48373226616d703b48366626616d703b48363726616d703b48373226616d703b48363126616d703b48366426616d703b::i
MiscreantPunch.INFO.EXEInsideOfDoc.B64.1;Target:2;((0|1|2)&(3|4|5|6|7|8));5456;3161;4e57;5647687063794251636d396e636d4674;526f61584d6755484a765a334a6862;5561476c7a49464279623264795957;53305653546b564d4d7a49755a477873;7446556b354654444d794c6d527362;4c52564a4f5255777a4d69356b6247
MiscreantPunch.INFO.OleNativePackageDiagCab;Target:2;(0);006c006500310030004e00610074006900760065*6469616763616200*4d534346*446961675061636b6167652e63617400::iwa
MiscreantPunch.INFO.OleNativePackageEXECode.InsideOLE;Target:2;(0>1&1&2&3&4);005061636b616765;52746c4d6f76654d656d6f7279::i;5669727475616c416c6c6f63::i;437265617465546872656164::i;080000005061636b61676500
MiscreantPunch.INFO.OleNativePackageEXEExt.InsideOLE;Target:2;(0&1&2);006c006500310030004e00610074006900760065;000200;1/\x00\x02\x00[^\x00]+\x00(?:[a-z]\x3a\x5c|\x5c\x5c)[^\x00]*\.(?:c(?:[ho]m|md|pl|rt)|m(?:s[cipt]|d[be])|p(?:yw?|cd|if|s1)|s(?:c[rt]|h[bs])|v(?:b(?:e|s(?:cript)?)?|xd)|a(?:d[de]|sp)|i(?:n[fs]|s[pu]|nx)|r(?:eg|gs|b)|j(?:se?|ar|ob)|3(?:86|gr)|d(?:iagcab|bx|ll)|h(?:lp|ta)|ws[cfh]?|ba[st]|gadget|exe|fon|lnk|ocx|u(?:3p|rl))\x00\x00\x00\x03\x00.{4}(?:[a-z]\x3a\x5c|\x5c\x5c)[^\x00]*\.(?:c(?:[ho]m|md|pl|rt)|m(?:s[cipt]|d[be])|p(?:yw?|cd|if|s1)|s(?:c[rt]|h[bs])|v(?:b(?:e|s(?:cript)?)?|xd)|a(?:d[de]|sp)|i(?:n[fs]|s[pu]|nx)|r(?:eg|gs|b)|j(?:se?|ar|ob)|3(?:86|gr)|d(?:iagcab|bx|ll)|h(?:lp|ta)|ws[cfh]?|ba[st]|gadget|exe|fon|lnk|ocx|u(?:3p|rl))\x00/si
MiscreantPunch.INFO.PiratedOfficeVersionWMacrosXBAG.1;Target:2;(0&1&2&3);52655061636b206279204469616b6f76::iwa;0456424136;0456424137;56697375616c20426173696320466f72204170706c69636174696f6e::iwa
MiscreantPunch.INFO.CrackedVersion;Target:2;(0&(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16));52655061636b206279205350656369616c695354::i;446f63756d656e745f4f70656e::i;446f63756d656e745f436c6f7365::i;576f726b73686565745f4f70656e::i;4175746f5f4f70656e::i;4175746f4f70656e::i;576f726b626f6f6b5f4f70656e::i;4175746f5f436c6f7365::i;4175746f436c6f7365::i;446f63756d656e745f4f70656e::i;446f63756d656e745f436c6f7365::i;576f726b73686565745f4f70656e::i;4175746f5f4f70656e::i;4175746f4f70656e::i;576f726b626f6f6b5f4f70656e::i;4175746f5f436c6f7365::i;4175746f436c6f7365::i
MiscreantPunch.INFO.PaFishMacro;Target:2;(0&1&2&3&4&(5|6|7|8|9|10|11|12));2250616669736820666f72204f6666696365204d6163726f207632::i;206279204a6f6520536563757269747922::i;636865636b526563656e74446f6373::i;7072696e744d73672022444554454354454422::i;7072696e744d736720224f4b22::i;446f63756d656e745f4f70656e::i;446f63756d656e745f436c6f7365::i;576f726b73686565745f4f70656e::i;4175746f5f4f70656e::i;4175746f4f70656e::i;576f726b626f6f6b5f4f70656e::i;4175746f5f436c6f7365::i;4175746f436c6f7365::i
MiscreantPunch.INFO.CrackedVersion.2;Target:2;(0&(1|2|3|4|5|6|7|8));5350656369616c6953542052655061636b::i;446f63756d656e745f4f70656e::i;446f63756d656e745f436c6f7365::i;576f726b73686565745f4f70656e::i;4175746f5f4f70656e::i;4175746f4f70656e::i;576f726b626f6f6b5f4f70656e::i;4175746f5f436c6f7365::i;4175746f436c6f7365::i
MiscreantPunch.INFO.NoWordsHasMacro;Target:2;(0&(1|2|3|4|5|6|7|8|9|10));01000000??00000002000000????????03000000????????04000000????????05000000????????06000000????????07000000????????08000000????????09000000????????12000000????????0A000000????????0C000000????????0D000000????????0E0000004?0100000F000000????????10000000????????13000000????????;4174747269627574652056425f::i;44696d::if;446f63756d656e745f4f70656e::i;446f63756d656e745f436c6f7365::i;576f726b73686565745f4f70656e::i;4175746f5f4f70656e::i;4175746f4f70656e::i;576f726b626f6f6b5f4f70656e::i;4175746f5f436c6f7365::i;4175746f436c6f7365::i
MiscreantPunch.INFO.LNK.CMDPSHELL;Target:0;(0&1);4c0000000114020000000000C000000000000046*636d642e657865::i;0/cmd\.exe.+?p\x00\^?\x00?o\x00\^?\x00?w\x00\^?\x00?e\x00\^?\x00?r\x00\^?\x00?s\x00\^?\x00?h\x00\^?\x00?e\x00\^?\x00?l\x00\^?\x00?l/si
MiscreantPunch.INFO.LNK.PSHELL;Target:0;(0);4c0000000114020000000000C000000000000046*5c57696e646f7773506f7765727368656c6c5c76312e305c706f7765727368656c6c::i
#MiscreantPunch.SUSPICIOUS.DOC_Large_Number_of_ActiveX_Defs_Likely_HeapSpray;Target:0;(0>15);776f72642f616374697665582f61637469766558{1-3}2e786d6c504b
MiscreantPunch.EXEInsideOfRTF.2;Engine:81-255,Container:CL_TYPE_RTF,Target:1;(0);0:4d5a{19-}546869732070726f6772616d20
MiscreantPunch.Suspicious.RemoteTempalteCall;Engine:81-255,Container:CL_TYPE_ZIP,Target:7;(0&1&2&3);3c72656c6174696f6e73686970::i;7461726765746d6f6465::i;617474616368656474656d706c617465::i;0/\).)+?targetmode\s*=\s*[\x22\x27]?\s*external)(?=(?:(?!\/>).)+?type\s*=\s*[\x22\x27][^\x22\x27\s]+\/attachedtemplate)(?:(?!\/>).)+?target\s*=\s*[\x27\x22]?\s*(?:https?\x3a|ftp\x3a)/si