Joe Sandbox X

Deep Malware Analysis for Malware targeting Mac OS X

Joe Sandbox X executes files in a controlled environment and monitors the behavior of applications and operating systems for suspicious activities. All activities are compiled into comprehensive and extensive analysis reports.

Analysis reports, which contain key information about potential threats, enable cyber-security professionals to deploy, implement and develop appropriate defense and protections.

Joe Sandbox X lets you install and use Joe Sandbox in your lab. Joe Sandbox X analyzes malware targeting Mac OS X.

Joe Sandbox X Explained

Joe Sandbox X’s architecture is modular. It consists of at least one controller machine running Linux and multiple connected Mac systems (e.g. an Apple Mac Mini or MacBook Pro). Files are sent for analysis via the Joe Sandbox X Web Interface to the controller's server. The Joe Sandbox X server stores each submission in a local file database and forwards it to the connected analysis machines, where the submission is then executed.

Joe Sandbox X’s configurable and efficient dynamic and static analysis engine monitors any activities during the binary program execution and reports behavior data instantly to the controller.

Evaluation results, statistics, activities and code functions are compiled into a detailed and well-structured report.


Explore Joe Sandbox X

Contact Joe Security to schedule a technical presentation.

Comprehensive Reports

Joe Sandbox X generates very detailed analysis reports about system and network behavior. The report includes evaluations and additional data about strings, domains and file structures. Matching generic signatures highlight suspicious and malicious key behavior. Classification and threat scores help to detect sophisticated cyber-attacks quickly.


290+ Generic and Open Behavior Signatures

Joe Sandbox X’s behavior analysis engine uses a growing set of 290+ generic Behavior Signatures to detect and classify malicious behavior such as Persistence, Boot Survival, Spreading, Data Spying and Leakage, and C&C Communication. Behavior Signatures are extendable and customizable and can optionally be shared within a community.

Yara

Joe Sandbox X supports Yara Rules for advanced malware detection. Joe Sandbox X forwards all samples, downloaded files, resources as well as memory dumps to Yara. In addition, Joe Sandbox X features a web-based Yara Rule editor. Tired of updating Yara rules? Joe Sandbox X can automatically synchronize with GitHub repositories containing Yara rules.

IDS Network Analysis

Joe Sandbox X automatically analyzes the network data via Snort. Snort, with e.g. Emerging Threats ETOpen/ETPro rules, detects malicious IPs, domains or other network artifacts.

Extensive supplementary Analysis Data

In addition to analysis reports in HTML, XML and JSON formats, Joe Sandbox X captures and generates supplementary data. This includes created files, PCAP of the captured network traffic, screenshots and strings.

Third Party Integrations

Joe Sandbox X has many Third Party Integrations. Detection results from VirusTotal and MetaDefender are visualized in the analysis report. Joe Sandbox X also integrates with Incident Response Solutions such as TheHive, Fame and MISP.

Built for OEM Integration

Joe Sandbox X allows for seamless integration into existing security products. A .NET SDK, providing interfaces for automated file submissions and processors for handling generated analysis data, is included. For bulk file submissions, Joe Sandbox X provides a queuing system with load-balancing and prioritization mechanisms. OEM customers have full control over the solution, its generated data and configuration.

Simplified Management and Control

Joe Sandbox X includes an intuitive web interface with features such as file and URL uploads, cookbook editor, user management and bulk upload/download and mail/syslog notifications.

Flexibility and Customization

Joe Sandbox X is built as a modular and scalable system with many settings for advanced tuning. With its open SDK, behavior signatures and cookbooks, it enables performing advanced use cases to serve organizations' specific needs. Joe Sandbox X supports multiple analysis machines with different applications/versions installed.

Additional Support, Maintenance and Consulting

Joe Security provides excellent services, such as system installations, training, maintenance, customization and expert knowledge, as a supplemental package to Joe Sandbox X.

Explore Joe Sandbox X

Have a look at the behavior analysis reports generated by Joe Sandbox X or contact Joe Security to schedule a technical presentation.

What files does Joe Sandbox X analyze?

Joe Sandbox X analyzes any files, including Mach-O (Mac), DMG (Mac), APP (Mac), XAR (Safari Plugin). Joe Sandbox X includes a file type recognition engine which detects over 5000 different file types.

What report and forensic data does Joe Sandbox X generate?

Behavior reports in HTML, PDF, XML and JSON, dropped or downloaded files, strings, PCAP and screenshots.

Which analysis technology does Joe Sandbox X use?

Joe Sandbox X uses a wide range of analysis technologies, including dynamic and static analysis. Due to the use of several analysis techniques, Joe Sandbox X discovers more behavior than other solutions.

What are behavior signatures?

Behavior signatures are tiny scripts that rate the data Joe Sandbox X captures from the malware. Joe Sandbox X extracts file, system and network data. Joe Sandbox X includes a steadily growing number of 290+ signatures.

Does Joe Sandbox X analyze malware on native machines?

Yes, Joe Sandbox X can analyze malware on native machines. You can therefore directly use a PC or laptop from your company as an analysis target.

Which Mac OS X versions are supported?

Always the latest Mac OS X version.

What hardware and operating systems do I need to install Joe Sandbox X?

Joe Sandbox X runs on standard hardware with Linux as the operating system (e.g. Ubuntu Server). For installation, a single server is required plus a Mac Mini or MacBook.

Is Joe Sandbox X a 100% standalone application?

Yes, Joe Sandbox X can be run without any connection to the Internet or our Cloud.

What types of license do you offer?

We offer perpetual licenses with a site, country or world-wide scope. Services such as support and upgrades are available as an annually renewing license.