Over the last couple of months, we have been listening to your feedback and working hard to provide you with the world's most powerful malware analysis system for Windows, macOS, Android, Linux and iOS. Today we release Joe Sandbox 27 under the code name Red Agate! This release is packed with brand new features and improvements, designed to make malware analysis deeper and more precise than ever!
or Ultimate installation right away, please run the following command:
mono joeboxserver.exe --updatefast
Even though we're thrilled about many aspects of this release, in this blog post we will highlight only a few of our favorite Joe Sandbox Red Agate features.
163 new Behavior Signatures
With these brand new signatures, Joe Sandbox is able to precisely detect various malware families like MegaCortex, Dridex, Ryuk, CrescentCore, NetWire, Watchbog, Necro and many more.
2986 Community Yara Rules
There are a large number of community Yara rules out there. We took all of them and built a selection by checking them for performance and false positives (FPs). The final selection of 2'986 rules has been included in Red Agate and greatly increases the detection and malware classification capabilities of Joe Sandbox.
47 Custom Yara rules
Red Agate also includes 47 new custom rules. Those rules are written by Joe Security's threat intelligence analysts and extend the community rules.
Web Push Notifications
The Web Interface now features Push Notifications. Push notifications are very useful for notifying end-users as soon as an analysis is finished or an analyzer is ready for remote assistance.
Joe Sandbox will ask you to enable Push Notifications once during submission, and you can also enable or disable it later on in your user settings.
Threat Names have been added in order to easily identify which threat has been detected by Joe Sandbox. Threat Names are shown in the analysis overview page as well as inside the report.
Particular samples often require command-line arguments to properly execute and show malicious behavior. Others need to be run as part of a service. For these specific cases, Joe Sandbox will automatically re-analyze the sample with the right action, tremendously increasing the execution success.
Joe Sandbox Detect
Joe Sandbox Detect is a powerful endpoint client which detects suspicious files delivered via targeted attacks or spear-phishing campaigns. It directly leverages the power of Joe Sandbox Red Agate.
If you want to learn more about Joe Sandbox Detect, please have a look at this blog post.
In this blog post, we have presented the most important features of Joe Sandbox Red Agate, but there are some other very interesting features on top: