Today we release Joe Sandbox 36 under the code name Rainbow Opal! This release is packed with many new detection signatures and interesting features to make malware detection even more precise!
or Ultimate installation right away, please read the Update Guide that you receive via our mailing list. Note that this update requires an OS update to Ubuntu 22.04 first. You also find the Update Guide in our customer portal.
200 new Signatures
With these brand new Yara and Behavior signatures, Joe Sandbox is able to precisely detect various new malware families like CloudMensis, Alchimist, RapperBot, CryptCat, Tifa Downloader, Prestige Ransomware, MagicRAT, Luna Logger, Manjusaka,DagonLocker and many more. In addition, we added 13 Malware Configuration Extractors, e.g. ErbiumStealer, CryptBotv2, LummaC, Eternity Stealer and PhoenixRAT, to name a few:
Analysis on Windows 11
We have extended the support for Windows analyzers to Windows 11:
Analysis on macOS Monterey
We have extended the support for macOS analyzers with Monterey:
Support for Android 12 and Frida Integration
Rainbow Opal allow you to analyze APKs on Android 12:
In addition we added an integration for famous Frida. Frida scripts can now be used in Android cookbooks to manipulate the Android samples:
Frida output is available as an additional download on the detailed analysis page:
We recently observed an increase in what we call HTML Droppers samples. HTML Droppers are HTML files which propose a file download to the user. Often the file is password protected and the password visualized on the HTML page.
Joe Sandbox v36 is now able to successfully execute such HTML Droppers:
Web Interface Improvements
We added a new advanced search which allows you to perform complex searches:
In addition we built an API to manage Sigma rules:
Final Words
In this blog post, we have presented the most important features of Joe Sandbox Rainbow Opal, but there are some other interesting features on top:
- Added DNS over HTTPS parsing (DoH)
- Added stream-based event log capturing
- Added several performance improvements
- Added dropped file based exclusion list
- Added IOC search to Web API
- Added static parser for CHM samples
- Added visualization of whitelisted samples in the Web interface
- Added support for APK signing v2 and v3
- Added several new anti detection and evasion tricks