Joe Sandbox X’s architecture is modular. It consists of at least one controller machine running Linux and multiple connected Mac systems (e.g. an Apple Mac Mini or Mac Book Pro). Users or the RESTFul API send files and URLs for analysis via the Joe Sandbox X Web Interface to the controller's server. The Joe Sandbox X server stores the sample in a local file database and forwards them to the connected analysis machines, where the sample is then executed.
Joe Sandbox X's configurable and efficient dynamic and static analysis engine monitors any activities during the binary program execution. Click to read more about Joe Security's unique technologies to analyze binaries.
The executed behavior of the sample is compiled into a detailed analysis report.
Contact Joe Security to schedule a technical presentation and demo.
Joe Sandbox X generates very detailed analysis reports about system and network behavior. The report includes evaluations and additional data about strings, domains and file structures. Matching generic signatures highlight suspicious and malicious key behavior. Classification and threat scores help to detect sophisticated cyber-attacks quickly.
Joe Sandbox X’s behavior analysis engine uses a growing set of over 655+ generic Behavior Signatures to detect and classify malicious behavior activities such as Persistence, Boot Survival, Spreading, Data Spying and Leakage and C&C Communication. Behavior Signatures are extendable and customizable and optionally are shared within a community.
With Joe Sandbox X analysts can directly connect to the analysis machine and click manually through complex malware installers or phishing attacks. The remote assistance option is fully embedded in the browser and therefore no additional software has to be installed.
Joe Sandbox X allows to use Yara Rules for advanced malware detection. Joe Sandbox X forwards all samples, downloaded files, resources as well as memory dumps to Yara. In addition Joe Sandbox X features a nice web based Yara Rule editor. Tired of updating Yara rules? Joe Sandbox X enables to automatically synchronize with GitHub repositories contain Yara rules.
Joe Sandbox X allows to use Simga Rules for threat detection. Joe Sandbox currently supports many Sigma events including process_creation and Sysmon. In addition Joe Sandbox X features a nice web based Sigma Rule editor. Tired of updating your Sigma rules? Joe Sandbox X enables to automatically synchronize with GitHub repositories contain Simga rules.
In addition to analysis reports in HTML, XML and JSON formats, Joe Sandbox X captures and generates supplementary data. This includes created files, PCAP of the captured network traffic, screenshots and strings.
Joe Sandbox X reports are provided in all relevant export formats, ranging from common data exchange formats (XML, JSON) and document types (HTML, PDF) to malware security standards such as MAEC, CybOX, MISP and OpenIOC. Therefore, Joe Sandbox X reports can be seamlessly integrated with other tools and platforms.
Joe Sandbox X provides a MITRE ATT&CK matrix. With the matrix, analysts can easily compare adversary tactics and techniques. Joe Sandbox X contains over 2179+ behavior signatures which are mapped to tactics and techniques.
Joe Sandbox X has many Third Party Integrations. Detection results from Virustotal and MetaDefender are visualized in the analysis report. Joe Sandbox X also integrates with Incident Response Solutions such as TheHive, Fame, MISP and CRITs. You can also use Joe Sandbox X in the Security Automation & Orchestration Platform Phantom and Demisto. We also offer integration with additional tools such as Viper and Malsub.
Joe Sandbox X allows for seamless integration into existing security products. A .NET SDK, serving interfaces for automated file submissions and processors for handling generated analysis data is included. For bulk file submissions, Joe Sandbox X provides a queuing system with load-balancing and prioritization mechanisms. OEM customer have full control over the solution, its generated data and configuration.
Joe Sandbox X allows for seamless integration into existing threat intelligence systems. It has a simple RestFul WEB API which enables file upload, analysis data download, searches, filters, alerts and more. Example scripts in Python allow a fast integration.
Joe Sandbox X includes an intuitive web interface with features such as file and URL uploads, cookbook editor, user management and bulk upload/download and mail/syslog notifications.
Joe Sandbox X is built as a modular and scalable system with many settings for advanced tuning. With its open SDK, behavior signatures and cookbooks, it enables performing advanced use cases to serve organizations' specific needs. Joe Sandbox X supports multiple analysis machines with different applications/versions installed.
Joe Security provides excellent services, such as system installations, training, maintenance, customization and expert knowledge as an supplemental package to Joe Sandbox X.
Joe Sandbox X analyzes any files, including MACH-O (Mac), DMG (Mac), APP (Mac), XAR (Safari Plugin), PKG. Joe Sandbox X includes a file type recognition engine which detects over 5000 different files.
Behavior reports in HTML, PDF, XML and JSON, dropped or downloaded files, strings, PCAP and screenshot.
Joe Sandbox X uses a wide range of analysis technologies including dynamic and static. Due to the use of several analysis techniques Joe Sandbox X discovers more behavior than other solutions.
Behavior signatures are tiny scripts to rate data Joe Sandbox X captures from the malware. Joe Sandbox X extracts file, system and network data. Joe Sandbox X includes a steady raising number of 655+ signatures.
Yes, Joe Sandbox X enalbes to analyze malware on native machines. Therefore you can use directly a PC or laptop from your company as an analysis target.
Always the latest macOS version.
Joe Sandbox X runs on standard hardware with Linux as operating system (e.g. Ubuntu Server). For installation a single server is required plus a Mac Mini or Mac Book.
Yes, Joe Sandbox X can be run without any connection to the Internet or our Cloud, however for the installation full Internet access it required. Also malware requiring Internet access won't execute successfully.