'Suspicious File' syslog events from the Malware Analysis service display Korean characters as HTML numeric character references instead of the Unicode characters themselves, as shown below.
Aug 10 11:12:20 malware WARNING:Suspicious File:Spectrum Analysis:user=Unknown identity:Detected suspicious
file:static=0.0:nextgen=56.0:community=0.0:file.name=테스트문서
.xls.doc:file.size=176640:file.md5.hash=aabb31170222222d9ff50c4400bb4411:file.sha1.hash=
11111e58c5cd464ec7aebb379ca5af69b9000000:file.sha256.hash=
1111111e00790c6226405bcffd23a45efb275cd2d677a98ac40719e661000000:event.id=11
If the file name were displayed correctly, then the message would show as (filename=테스트문서.xls).
Aug 10 11:12:20 malware WARNING:Suspicious Event:Spectrum Analysis:user=Unknown identity:
Detected suspicious network event:static=0.0:nextgen=56.0:community=0.0:malware.nextgen.source=
nws://x.x.x.x:56003/sdk:event.type=NEXTGEN:event.id=11:country.dst=Private:filetype=office 2007
document,zip,office 95-2003 excel document:server=Microsoft-IIS/7.5:extension=
xls,xml,rels:org.src=xxx:lifetime=0:tcp.dstport=80:medium=1:sessionid=100:rid=100:directory=
_rels/,//ServerFiles/NoticeFileAttatch/,theme/theme/_rels/,theme/theme/:content=
application/vnd.ms-excel,spectrum.analyze,spectrum.consume:packets=11:eth.type=
2048:rpackets=2:tcp.srcport=10:ip.dst=x.x.x.x:city.src=Seoul:ip.proto=6:payload=
100:eth.src=FF:FF:FF:FF:FF:FF:client=Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1;
Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729):action=
get:longdec.src=111.0089:country.src=Korea, Republic of:threat.category=spectrum,nonstandard:alert.id=
nw32550,nw60020:tcp.flags=26:streams=2:eth.dst=FF:FF:FF:FF:FF:FF:alias.ip=x.x.x.x:threat.source=
netwitness:ip.src=x.x.x.x:filename=테스트문서.xls,themeManager.xml,
[Content_Types].xml,themeManager.xml.rels,.rels,테스트문서.xls,theme1.xml:size=268875:service=
80:time=Wed Aug 10 11:12:20 UTC 2016:risk.info=http over non-standard port,http direct to
ip request:latdec.src=11.2911:rpayload=2760:did=packetdecoder
This is due to a bug in the Malware Analysis service: the HTML numeric character references are not decoded back to the corresponding Unicode characters.
The fix will be added to a future release.
Please contact RSA Support to confirm the version that contains the fix.
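Until a release with the fix is installed, a syslog consumer can decode the references itself before indexing the event. The following is an added example, not RSA code and not part of the original article; it assumes the references arrive in the standard decimal or hexadecimal form (&#NNNNN; or &#xHHHH;) and that a file-name value runs up to the next colon, and the sample message is constructed from the event shown above.

```python
import re

# Decimal (&#53580;) or hexadecimal (&#xD14C;) numeric character reference.
NUMERIC_REF = re.compile(r"&#(?:[xX]([0-9A-Fa-f]{1,6})|([0-9]{1,7}));")
# Fields that carry file names in the two event types shown on this page.
NAME_FIELD = re.compile(r"(?<=:)(file\.name|filename)=([^:]*)")


def _decode_ref(match):
    """Return the character for one reference, or the reference unchanged."""
    hex_digits, dec_digits = match.groups()
    code = int(hex_digits, 16) if hex_digits else int(dec_digits)
    # Leave invalid code points, surrogates and control characters encoded,
    # so a crafted file name cannot inject CR/LF or NUL into the log line.
    if code > 0x10FFFF or 0xD800 <= code <= 0xDFFF:
        return match.group(0)
    if code < 0x20 or 0x7F <= code <= 0x9F:
        return match.group(0)
    ch = chr(code)
    # A decoded ':' would be read as a field delimiter; keep it encoded.
    return match.group(0) if ch == ":" else ch


def decode_file_names(message):
    """Decode numeric references in file-name fields only."""
    def fix_field(m):
        return f"{m.group(1)}={NUMERIC_REF.sub(_decode_ref, m.group(2))}"
    return NAME_FIELD.sub(fix_field, message)


# Constructed sample: the page's file name re-encoded as decimal references.
ENCODED = "".join(f"&#{ord(c)};" for c in "테스트문서")
SAMPLE = (
    "Aug 10 11:12:20 malware WARNING:Suspicious File:Spectrum Analysis:"
    "user=Unknown identity:Detected suspicious file:static=0.0:nextgen=56.0:"
    f"community=0.0:file.name={ENCODED}.xls.doc:file.size=176640:event.id=11"
)

if __name__ == "__main__":
    print(decode_file_names(SAMPLE))
```

Keep the raw message alongside the decoded one, since hashes or signatures computed over the original syslog line will not match the rewritten text.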