Joe Sandbox Cloud

Deep Malware Analysis in the Cloud for Malware
targeting Windows, Android, Mac OS X and iOS.

Joe Sandbox Cloud executes files and URLs in a controlled environment and monitors the behavior of applications and the operating system for suspicious activities. All activities are compiled into comprehensive and detailed analysis reports.

Analysis reports, containing key information about threats, enable cyber-security professionals to deploy, implement and develop appropriate defense strategies and protection mechanisms.

Joe Sandbox Cloud enables use of Joe Sandbox Ultimate through an online web service and enables analysis of any malware targeting Windows-, Android-, Mac OS X- and iOS-based operating systems.

Joe Sandbox Cloud is fully private. No sample or analysis data are shared or uploaded to any third parties!

Joe Sandbox Cloud is a web service based on Joe Sandbox Ultimate, hosted by Joe Security. The web service enables cyber-security professionals to upload files and URLs for testing and to download analysis reports and other threat intelligence data.

Explore Joe Sandbox Cloud

Contact Joe Security to schedule a technical presentation or to receive a free 7-day trial for Joe Sandbox Cloud Pro.

Comprehensive Reports

Joe Sandbox Cloud generates very detailed analysis reports about system, network, browser and tampering/code manipulation behavior. The report includes evaluations and additional data about strings, domains and file structures. Matching generic signatures highlight suspicious and malicious key behavior. Classification and threat scores help to detect sophisticated cyber-attacks quickly. A context-based search enables quick navigation.

All Files on all Platforms

Joe Sandbox Cloud enables analysis of all executable files (including malicious documents) on Windows XP, Windows 7, Windows 7 x64, Windows 8 and Windows 10. Android Application Packages (APK) can be analyzed on all Android versions. In addition, Joe Sandbox Cloud analyses files on Mac OS X and iOS.

Analysis of Office Files

Joe Sandbox Cloud analyses Office files for Microsoft Word, Excel, Powerpoint, Hangul Hancom (Korean Office) and Ichitaro (Japanese Office). Support for additional Office suites can be easily added.

1171+ Generic and Open Behavior Signatures

Joe Sandbox Cloud uses a growing set of 1171+ generic Behavior Signatures to detect and classify malicious behavior such as Exploiting and Shellcode (for malicious documents), Persistence, Boot Survival, Spreading, Data Spying and Leakage, and C&C Communication. Behavior Signatures are extendable and customizable and are optionally shared within a community.

Virtual and Physical Analysis Systems

Joe Sandbox Cloud lets you use a mix of virtual and physical analysis machines. Physical devices are very helpful for dealing with evasive malware which may not run on virtual systems.

Multilayered System with intelligent Chaining

Joe Sandbox Cloud implements an intelligent malware analysis chain, starting with coarse-grained and ending with in-depth, fine-grained malware analysis techniques. The intelligent chain makes it possible to sort out uninteresting samples and focus on the most interesting malware samples.

Mail Monitor

Joe Sandbox Cloud includes Mail Monitor, which logs in to mail accounts and checks whether there are mails with attachments. If so, it downloads and analyzes the attachments automatically.

Execution Graphs

Joe Sandbox Cloud generates highly condensed control flow graphs, so-called Execution Graphs. Execution Graphs make it possible to detect evasions against malware analysis systems. Furthermore, Execution Graphs allow the behavior to be rated by looking at API chains, execution coverage and loops.

C-Code Generation

Joe Sandbox Ultimate includes Joe Sandbox DEC, which generates simple C functions from unpacked PE files. The generated C code is easy to understand for security professionals and enables more efficient analysis than the corresponding disassembly code.

SSL Proxy

Joe Sandbox Cloud can inspect HTTPS traffic. Similar to a next-generation firewall, Joe Sandbox Cloud installs a MITM SSL proxy which intercepts and analyzes any SSL traffic. This allows inspection of malicious HTTPS C&C traffic, which is often used in APTs.

Yara

Joe Sandbox Cloud supports Yara rules for advanced malware detection. Joe Sandbox Cloud forwards all samples, downloaded files, resources as well as memory dumps to Yara. In addition, Joe Sandbox Cloud features a web-based Yara rule editor.

Yara Rule Generation

Joe Sandbox Cloud creates various Yara rules based on static, dynamic and hybrid behavior data. The generated Yara rules make it possible to identify specific malware, malware families and malware variants. The Yara Rule Generator uses sophisticated data rating and clustering algorithms.

Extensive supplementary Analysis Data

In addition to analysis reports in HTML, XML and JSON formats, Joe Sandbox Cloud captures and generates supplementary data. This includes created files, unpacked PE files, memory dumps, PCAP of the captured network traffic, screenshots, shellcode and strings.

Reports provided in all relevant Formats

Joe Sandbox Cloud reports are provided in all relevant export formats, ranging from common data exchange formats (XML, JSON) and document types (HTML, PDF) to malware security standards such as MAEC, CybOX, MISP and OpenIOC. Therefore, Joe Sandbox Cloud reports can be seamlessly integrated with other tools and platforms.

Seamless IDA Integration

Joe Sandbox Cloud delivers an IDA plugin which loads supplementary analysis data such as memory dumps and reconstructed PE files. Moreover, the plugin enriches IDA code with dynamic information such as APIs, chunks, strings and function arguments. IDA integration makes it possible to deeply understand and further investigate malicious code with the power of IDA.

High Detection Precision

Joe Sandbox Cloud is tuned to detect malicious samples with high precision. Extensive tests have shown an average false positive rate < 2% and false negative rate < 6% for PE files.

Automated User Behavior

Through predefined and configurable Cookbooks - special scripts submitted as second input - Joe Sandbox Cloud allows for performing advanced use cases on the analysis machine. Cookbook scripts describe an analysis procedure and allow any possible user behavior to be automated. Browsing a URL with IE, Firefox or Chrome, logging into an email account, or running a file with special arguments are just a few examples of the existing Cookbooks included.

Seamless Integration

Joe Sandbox Cloud allows for seamless integration into existing threat intelligence systems. It has a RESTful Web API which enables file upload, analysis data download, searches, filters, alerts and more. Example scripts in Python allow fast integration.

Learn more about Joe Sandbox Cloud

Contact Joe Security to get a Joe Sandbox Cloud trial account or schedule a technical presentation or live demo.

Joe Sandbox Cloud Resources:

Joe Security offers Pro and Basic account types with different feature sets. Pro accounts are completely private with all features available. Basic accounts are public and feature limited.

Mobile X Desktop Complete Ultimate
Private Accounts, no Sample or Analysis Result Sharing
Multi Tenancy, Data is always tied to one User
Full Sample Privacy, no Third Party or Cloud Lookups
Download HTML Report
Download JSON Report
Download XML Report
Download PCAP (Network Traffic)
Download created / dropped Files
Download String Files
Download Screenshots
Download MISP Report
Download MAEC Report
Download unpacked PE Files
Download memory Dumps (and analyze them in IDA with the Joe Sandbox bridge plugin)
Analysis on Android 4.2
Analysis on Android 4.4
Analysis on Android 5.1
Analysis on Android 5.1 Native
Analysis on Android 6.0
Analysis on Mac OS X El Capitan
Analysis on iOS 7.1
Analysis on Native Machines
Analysis on Windows XP
Analysis on Windows 7
Analysis on Windows 7 x64
Analysis on Windows 8
Analysis on Windows 10
Analysis on Windows 10 x64
Test different Application Versions (Acrobat, Office, Chrome, Firefox, IE, Flash, Java)
Analyze URLs
Inspect and analyze encrypted HTTPS traffic
Submit Cookbooks to automate advanced User Behavior
Use Adaptive Internet Simulation (HCA)
Use Hybrid Code Analysis (HCA)
Use Execution Graph Analysis (EGA)
Use Yara to check memory dumps, samples and downloaded files
Use the Joe Sandbox IDA Bridge Plugin to load and annotate memory dumps
Download Yara rules and generate Yara super rules to identify malware families and variants
Use Joe Sandbox Filter for fast pre processing
Use Joe Sandbox DEC (Hybrid Decompilation) for C-code generation
Use Mail Monitor, periodically scans Mail accounts for malware
Analyses volume per month From 250 to 100k
 

Want to try Joe Sandbox Cloud first?

Joe Security offers a free 7-day trial for Pro accounts.

Please contact Joe Security to get a trial.

APK File Document URL Mail Yara
Private Accounts, no Sample or Analysis Result Sharing
View HTML Report
Analysis APK (Android Application Packages)
Analysis PE files (EXE and DLL)
Analyse Documents (DOC(X)(M), XLS(X)(M), PPT(X)(M), PDF)
Analyze URLs
Analyze Mails
Generate Yara Rules
Use Hybrid Code Analysis (HCA) limited limited limited limited limited limited
Analyses volume per month (max 10 per day) 200 200 200 200 200 200
 
Monthly fee free free free free free free

Start using Joe Sandbox Cloud Basic now!

What is the difference between Joe Sandbox Cloud and our In-House products?

Joe Sandbox Cloud is a Web service. Therefore you do not have to install any software and can start malware analysis by using your web browser. Compared to Joe Sandbox Ultimate, our most advanced in-house product, Joe Sandbox Cloud has some feature limitations.

Do you share uploaded samples and analysis results?

For Joe Sandbox Cloud Pro accounts we do not share any samples or any analysis results with anyone. We also do not make any backups of it. Your uploaded samples and analysis results are fully private. The samples are not uploaded to Virustotal or any third party service!

What files does Joe Sandbox Cloud analyze?

Joe Sandbox Cloud analyzes all files, including EXE, DLL, PIF, CMD, BAT, COM, SCR, CPL, PDF, DOC(X)(M), XLS(X)(M), PPT(X)(M), HPW (Hangul Korean), JTD (Ichitaro Japan), RFT, XPI, CRX (Chrome Plugin), EML (Email), MSG (Email), CHM, JS, VBS, VBE, LNK, JAR (Java), PS1 (Powershell), ZIP, 7Z, RAR, ZLIB, APK (Android Application Package), MACH-O (Mac), DMG (Mac), APP (Mac), XAR (Safari Plugin) on Windows Desktop, Android, Mac OS X and iOS based operating systems. Joe Sandbox Cloud includes a file type recognition engine which detects over 5000 different files.

What report and forensic data does Joe Sandbox Cloud generate?

Behavior reports in HTML, PDF, XML and JSON, dropped or downloaded files, memory dumps, strings, PCAP, yara rules, screenshot, unpacked PE files, openIOC, MISP and MAEC.

Which analysis technology does Joe Sandbox Cloud use?

Joe Sandbox Cloud uses a wide range of analysis technologies including dynamic, static as well as hybrid. Due to the use of several analysis techniques Joe Sandbox Cloud discovers more behavior than other solutions.

What are behavior signatures?

Behavior signatures are tiny scripts that rate the data Joe Sandbox Cloud captures from the malware. Joe Sandbox Cloud extracts system, network, memory, code and browser data. Joe Sandbox Cloud includes a steadily growing set of 1171+ signatures.

Can I write and use my own behavior signatures?

No, this feature is only available in our in-house products, e.g. Joe Sandbox Ultimate.

Does Joe Sandbox Cloud analyze malware on native machines?

Yes, Joe Sandbox Cloud can analyze malware on native machines.

Which Windows, Android, Mac OS X and iOS systems are supported?

Windows XP, Windows 7, Windows 7 x64, Windows 8, Windows 10, Windows 10 x64, Android 4.2, Android 4.4, Android 5.1, Android 6.0, Mac OS X El Capitan and iOS 7.1.2 (iPhone 4).

Is there an API for automation?

Yes, there is an extensive REST based Web API.

Can I upload Yara rules?

Yes, your rules are evaluated against submitted files, dropped / downloaded files, memory dumps and pcaps.

What types of license do you offer?

Joe Sandbox Cloud is offered as a subscription based service.