Explore Joe Security Cloud Basic Accounts Contact Us
top title background image

Joe Security's Blog

Joe Sandbox v36 Rainbow Opal

Published on: 14.11.2022


Today we release Joe Sandbox 36 under the code name Rainbow Opal! This release is packed with many new detection signatures and interesting features to make malware detection even more precise!






Our Joe Sandbox Cloud ProBasic and OEM servers have recently been upgraded to Rainbow Opal.

If you wish to upgrade your on-premise Joe Sandbox DesktopMobileXLinuxComplete 

or Ultimate installation right away, please read the Update Guide that you receive via our mailing list. Note that this update requires an OS update to Ubuntu 22.04 first. 
You also find the Update Guide in our customer portal.  

200 new Signatures


With these brand new Yara and Behavior signatures, Joe Sandbox is able to precisely detect various new malware families like CloudMensis, Alchimist, RapperBot, CryptCat, Tifa Downloader, Prestige Ransomware, MagicRAT, Luna Logger, Manjusaka,DagonLocker and many more. In addition, we added 13 Malware Configuration Extractors, e.g. ErbiumStealer, CryptBotv2, LummaC, Eternity Stealer and PhoenixRAT, to name a few:






Analysis on Windows 11


We have extended the support for Windows analyzers to Windows 11:











Analysis on macOS Monterey


We have extended the support for macOS analyzers with Monterey:



Support for Android 12 and Frida Integration



Rainbow Opal allow you to analyze APKs on Android 12:

In addition we added an integration for famous Frida. Frida scripts can now be used in Android cookbooks to manipulate the Android samples:




Frida output is available as an additional download on the detailed analysis page: 



HTML Droppers


We recently observed an increase in what we call HTML Droppers samples. HTML Droppers are HTML files which propose a file download to the user. Often the file is password protected and the password visualized on the HTML page.

Joe Sandbox v36 is now able to successfully execute such HTML Droppers:











Web Interface Improvements


We added a new advanced search which allows you to perform complex searches:


In addition we built an API to manage Sigma rules:





Final Words


In this blog post, we have presented the most important features of Joe Sandbox Rainbow Opal, but there are some other interesting features on top:

  • Added DNS over HTTPS parsing (DoH)
  • Added stream-based event log capturing
  • Added several performance improvements
  • Added dropped file based exclusion list
  • Added IOC search to Web API
  • Added static parser for CHM samples
  • Added visualization of whitelisted samples in the Web interface
  • Added support for APK signing v2 and v3
  • Added several new anti detection and evasion tricks

Would you like to try Joe Sandbox? Register for a free account on Joe Sandbox Cloud Basic or contact us for an in-depth technical demo!