Channel: Automated Malware Analysis
Browsing all 134 articles

OEM'ing Joe Sandbox

Here at Joe Security, we have a long tradition of doing OEM business. OEM stands for original equipment manufacturer and is kind of a misleading term. Today OEM is often used to describe that company B...

Joe Sandbox 18.0.0 is ready!

We are happy to announce the release of Joe Sandbox 18, our most advanced Deep Malware Analysis engine. In this blog post we will share some of the most interesting new features we have implemented. VBA...

PowerShell ScriptBlockLogging rocks!

Needless to say, PowerShell has become an important means for Malware to do persistence. If you are interested in learning more about this topic, an excellent write-up about PowerShell & Malware...

Behavior Graph 2.0

Besides working on new and deep malware analysis features we also continuously improve and extend the visualizations. Visualizations help to understand complex data very quickly and also to separate...

Brief technical Analysis of Wannacry Ransomware Worm v2

Last Friday, May 12th 2017, cyber criminals started to spread a new ransomware. The malicious code was not highly sophisticated; it was using a recently patched SMB bug (MS17-010 also known as...

Joe Sandbox + Phantom

Good news! You now can use Joe Sandbox in the Phantom: Security Automation and Orchestration Platform! What is Phantom exactly? It is an awesome tool to intelligently combine and automate various...

Joe Sandbox 19 is out!

We have good news: Joe Sandbox version 19 is out! This is a big release with many improvements, enhancements, and new features. If you are an on-premise customer you can simply upgrade to Joe Sandbox...

Level Up: Introducing Hypervisor based Inspection in Joe Sandbox

At Joe Security, innovation is in our genes. We have been working on an awesome new component which takes advantage of hardware virtualization to analyze and detect malware. We call this new product...

Visit Joe Security at Black Hat USA 2017

Join Joe Security at Black Hat USA 2017 in Las Vegas from July 22nd to July 27th to get the very latest information about security research, development, and trends. We will have the pleasure to...

Joe Sandbox View - the threat hunting & search engine

Hunting for similar or associated threats is a key task for SOCs, CERTs, CIRTs and IR teams. If you are testing threat search engines, you will find many allowing searching for a very small set of...

LIA - Localized Internet Anonymization

Having Internet access when dynamically analyzing malware is key. Nearly all malware you get today (first stage) consists of droppers whose main goal is to download second-stage malware. Droppers are...

Joe Sandbox Cloud Basic, a new era begins!

Today we’re very proud to announce the launch of the fully redesigned Joe Sandbox Cloud Basic website. Over the past years, we have constantly collected a lot of information and received extremely...

Generic JS Instrumentation

Attackers are constantly changing their tactics and procedures in order to find new containers to deliver and execute code on endpoints. Besides VBA in Microsoft Office Documents, JavaScript files are...

Joe Sandbox 20 is out!

Happy Release Day!!! A new Joe Sandbox version is out! This is our twentieth release, what a number! Version 20 is a big release with many improvements, enhancements, and new features. If you have an...

Bare Metal - Golden Hardware

Joe Sandbox enables analysts to execute and analyze malware on Bare Metal machines. What is Bare Metal and why does it matter? No, it is not the cool Bare Metal hot rod above, but it has a similar...

NotPetya reappears as BadRabbit and keeps the Semi Kill Switch

Yesterday, Russia and Ukraine were targeted by the Bad Rabbit ransomware, distributed via drive-by. The sample named install_flash_player.exe, sha256...

Detecting Phishing Pages with Template Matching

Password Fishing (Phishing) has become the Number One vector of cybersecurity incidents and data breaches. According to a recent SANS Institute report, 95% of all incidents start with phishing attacks...

Retefe loaded with new MUILanguage Sandbox Evasion

Lately, we came across a new Retefe version which uses a nice trick to bypass sandboxes (Retefe is a well-known and sophisticated e-banking trojan). The initial analysis looks quite normal, there is...

Threading based Sleep Evasion

Recently we came across an interesting sample: MD5: 52540f430c060a7e5753c999891514a1. A first look at the analysis revealed the following characteristics: Besides a small spike in the classification...

Loapi - from Static to Dynamic Instrumentation

You might have already heard about Loapi - the Android malware which will kill your phone due to exhaustive bitcoin mining. Loapi was found by Kaspersky; an excellent write-up can be found here: Jack...
