Now, in the middle of Q1, we are happy to release our newest and greatest Joe Sandbox version with the code name Sapphire!
Our Joe Sandbox Cloud Pro, Basic and OEM servers were already upgraded to Sapphire a couple of weeks ago.
If you want to upgrade your on-premise Joe Sandbox Desktop, Mobile, X, Complete or Ultimate installation now, please run:
mono joeboxserver.exe --updatefast
In this blog post, we will show some of the enhancements and features of Sapphire.
80 New Behavior Signatures
New signatures include detections for Spectre, Meltdown, various new CVEs, coin miners, DNS hijackers, Loapi and more:
[Figure: Spectre]
[Figure: DNS Hijacker]
[Figure: Loapi]
The new signatures enable analysts to spot and catch the latest security threats!
Remote Assistance
Given the complexity of automating the execution of some malware, we added a Remote Assistance function. With Remote Assistance, analysts can connect to the analysis machine via VNC and start samples manually. They can also dismiss security warnings that would otherwise block execution:
[Figure: Remote Assistance Option]
[Figure: Connect to Analysis Machine]
[Figure: Perform Remote Assistance]
Please note that VNC has been integrated directly into the Joe Sandbox web interface, so no VNC client needs to be installed. Remote Assistance is also very useful for detecting credit card scams.
Template based Phishing Detection
We strengthened the phishing detection with a template engine. The template engine searches the phishing page for a known template (usually a brand image):
[Figure: Phishing Page]
[Figure: Template]
[Figure: Template Match]
Template based phishing detection increases the chances of catching targeted phishing attacks. Analysts can easily add their own brand templates and images. Interested? Read more about template based phishing detection in our recent blog post.
Analysis Report Improvements
Sapphire includes a lot of new graphics, visualizations and report specific improvements. They all make it easier to understand complex threat data:
[Figure: API groups per Hybrid Code Analysis function]
[Figure: Call Graph for Hybrid Code Analysis]
[Figure: Per Hybrid Code Analysis function CFG Graph]
[Figure: Restructured Dropped File Section]
Please note the entropy value of each dropped file, which is a very efficient indicator for detecting ransomware!
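To illustrate why the entropy of dropped files is such a useful ransomware indicator, here is an added example (not Joe Sandbox code) that computes Shannon entropy per file and flags files whose entropy is near the 8-bit ceiling while lacking the header of a known compressed format, since compressed archives and images are high-entropy by design and would otherwise be false positives. The file names, contents and the 7.5 threshold are constructed assumptions for the demonstration.

```python
import math
import random
from collections import Counter

# Constructed sample "dropped files": not taken from any real analysis report.
_rng = random.Random(1234)
_random_bytes = bytes(_rng.getrandbits(8) for _ in range(4096))
SAMPLE_FILES = {
    "readme.txt": b"The quick brown fox jumps over the lazy dog. " * 100,
    "invoice.docx.locked": _random_bytes,          # looks like ciphertext
    "backup.zip": b"PK\x03\x04" + _random_bytes,   # legitimately compressed
}

# Headers of formats that are high-entropy by design (assumed, short list).
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"\x89PNG",
                    b"\xff\xd8\xff", b"7z\xbc\xaf\x27\x1c")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_compressed(data: bytes) -> bool:
    """True if the file starts with a known compressed/encoded container header."""
    return data.startswith(COMPRESSED_MAGIC)


def triage_dropped_file(name: str, data: bytes, threshold: float = 7.5) -> dict:
    """Flag a dropped file as ransomware-suspicious when its entropy is near the
    8-bit ceiling and it does not carry a header of a known compressed format."""
    h = shannon_entropy(data)
    return {"name": name, "entropy": round(h, 3),
            "suspicious": h >= threshold and not looks_compressed(data)}


def triage_all(files: dict) -> dict:
    """Run the heuristic over every dropped file, keyed by file name."""
    return {name: triage_dropped_file(name, data) for name, data in files.items()}


if __name__ == "__main__":
    for r in triage_all(SAMPLE_FILES).values():
        print(f"{r['name']:<22} entropy={r['entropy']:.3f} suspicious={r['suspicious']}")
```

Entropy alone cannot distinguish encryption from packing or compression, which is why the header check (and, in practice, the process that wrote the file) should accompany the entropy value.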
[Figure: HTTP Sessions]
[Figure: Behavior Graphs for analysis on macOS]
Support for analysis on macOS High Sierra
Analyse binaries on the latest macOS version.
Support for analysis on Android 7.1 Nougat
Analyse binaries on the recent Android 7.1 release.
Dynamic Instrumentation for Android
With Dynamic Instrumentation, Joe Sandbox instruments and analyses dynamically loaded DEX code, enabling deep insights into the latest Android threats.
Want to learn more about Dynamic Instrumentation? Read more about it in this blog post.
Final Words
In this blog post, we introduced some of the major features of the Sapphire release. Furthermore, minor features include:
- IOC logging via Syslog
- VT / Metadefender score for analysis overview
- Redesign of the submission page configuration
- Integration with Viper
- Integration with Malsub
- SSL key extraction
- Button click list for Android
- Jbxbalancer API script
- ACE unpacking
- Fine-grained status information during analysis
- Backjumping in the HTML analysis report
What is next? We have an amazing pipeline of new technologies and features! Stay tuned!