Explore Joe Security Cloud Basic Accounts Contact Us
top title background image

Joe Security's Blog

Joe Sandbox 27.0.0 - Red Agate is out!

Published on: 02.10.2019


Over the last couple of months, we have been listening to your feedback and working hard to provide you with the world's most powerful malware analysis system for Windows, macOS, Android, Linux and iOS. Today we release Joe Sandbox 27 under the code name Red Agate! This release is packed with brand new features and improvements, designed to make malware analysis deeper and more precise than ever!




Our Joe Sandbox Cloud ProBasic and OEM servers have already been upgraded to Red Agate recently.


If you wish to upgrade your on-premise Joe Sandbox DesktopMobileXLinuxComplete 

or Ultimate installation right away, please run the following command:


mono joeboxserver.exe --updatefast


Even though we're thrilled about many aspects of this release, in this blog post we will highlight only a few of our favorite Joe Sandbox Red Agate features.

163 new Behavior Signatures


With these brand new signatures, Joe Sandbox is able to precisely detect various malware families like MegaCortex, Dridex, Ryuk, CresentCore, NetWire, Watchbog, Necro and many more.





2986 Community Yara Rules


There is a big number of community Yara rules out there. We took all of them and built a selection by checking them for performance and FPs. The final selection of 2'986 rules has been included in Red Agate and greatly increases detection and malware classification capabilities in Joe Sandbox.





47 Custom Yara rules

Red Agate also includes 47 new custom rules. Those rules are written by Joe Security's threat intelligence analysts and extend the community rules:



Web Push Notifications


The Web Interface now features Push Notifications. Push notifications are very useful in notifying end-users as soon as an analysis is finished or an analyzer is ready for remote assistance:








Joe Sandbox will ask you to enable Push Notifications once during submission, and you can also enable or disable it later on in your user settings. 


Threat Names


Threat Names have been added in order to easily identify which threat has been detected by Joe Sandbox. Threat Names are shown in the analysis overview page as well as inside the report:






Intelligent Analysis


Particular samples often require command-line arguments properly execute and show malicious behavior. Others need to be run as part of a service. For these specific cases, Joe Sandbox will automatically re-analyze the sample with the right action, tremendously increasing the execution success.




Joe Sandbox Detect


Joe Sandbox Detect is a powerful endpoint client which detects suspicious files delivered via targeted attacks or spear-phishing campaigns. It directly leverages the power of Joe Sandbox Red Agate.






If you want to learn more about Joe Sandbox Detect please have a look at this blog post.

Final Words


In this blog post, we have presented the most important features of Joe Sandbox Red Agate, but there are some other very interesting features on top:


Would you like to try Joe Sandbox? Register for a free account on Joe Sandbox Cloud Basic or contact us for an in-depth technical demo!