We have good news: Joe Sandbox version 19 is out! This is a big release with many improvements, enhancements, and new features. If you are an on-premise customer, you can simply upgrade to Joe Sandbox 19 via:
mono joeboxserver --updatefast
In this blog post, we will outline some of the enhancements and new features of v19.
Phishing is a growing trend, and many products have very poor detection for it. Therefore, we added behavior-based phishing detection to v19. How does it work? Joe Sandbox will browse URLs in IE and then store the DOM. The same is done for iframes as well as links found on the page. The DOM array is then evaluated using several new behavior signatures:
For more in-depth analysis, customers can also access the raw DOM data.
Joe Sandbox Uploader
With Joe Sandbox 19 you get a convenient desktop tool which enables you to easily upload files and URLs to Joe Sandbox from Windows and Mac OS systems:
Over the last months, we saw a huge increase in malware and packers written in .NET (C# or Visual Basic .NET). Joe Sandbox v19 includes an extensive decompilation engine for .NET. All decompiled .NET samples are uploaded to Joe Sandbox together with the files dropped or downloaded during execution. The decompiled code can be downloaded via the web interface:
.NET decompilation also contributes to detection via behavior signatures:
Offline Snort / ET PCAP analysis
Are you a big fan of Emerging Threats rules and want to have them included in the Joe Sandbox behavior report? With v19 you get it:
Together with the Snort / ET PCAP analysis we also added detection of malicious files and IPs:
80 New Behavior Signatures
We added many new behavior signatures, in particular to detect new Mac malware (e.g. Proton B and Snake aka Turla), phishing, ransomware and .NET malware:
UI & User Automation
Please note that Joe Sandbox uses an advanced OCR-based clicking engine to detect some of the UI elements.
The following additional minor features are part of the v19 release:
Interested in Joe Sandbox v19? Let us know and we will schedule an in-depth technical presentation and demo!