
Joe Security's Blog

Behavior Graph 2.0

Besides working on new and deep malware analysis features, we also continuously improve and extend the visualizations. Visualizations help to understand complex data very quickly and also to separate noise from interesting data. So far Joe Sandbox generates the following visualizations:

- Classification (Spider Chart)
- Behavior Graphs
- IP to Country World Map
- CPU and Memory Statistics
- Behavior Distribution
- Execution Graphs

Recently we have added some cool new features to the Behavior Graph. In this blog post, we outline some of them.


PowerShell ScriptBlockLogging rocks!

Needless to say, PowerShell has become an important means for malware to achieve persistence. If you are interested in learning more about this topic, Symantec has published an excellent write-up about PowerShell and malware, "THE INCREASED USE OF POWERSHELL IN ATTACKS". PowerShell has a lot of tricks which make analysis harder; however, in PowerShell 5.0, Microsoft added some nice logging features.


Joe Sandbox 18.0.0 is ready!

We are happy to announce the release of Joe Sandbox 18, our most advanced Deep Malware Analysis engine. In this blog post we will share some of the most interesting new features we have implemented.

VBA Macro Winapi Instrumentation

Samples using Winapi calls (native or normal ones) inside a Microsoft Office Macro are now instrumented and logged. A malware family using Winapi calls in Macros is Hancitor.

SCAE Library Code Detection

We added library code detection to SCAE (Static Code Analysis Engine) and EGA (Execution Graph Analysis). The EGA nodes are shown with a lower opacity, making it easier to distinguish between malware code and library code.

