Joe Sandbox v36 Rainbow Opal
Published on: 14.11.2022
Today we release Joe Sandbox 36 under the code name Rainbow Opal! This release is packed with many new detection signatures and interesting features that make malware detection even more precise!
If you wish to upgrade your on-premises Joe Sandbox Desktop, Mobile, X, Linux, Complete or Ultimate installation right away, please read the Update Guide that you receive via our mailing list. Note that this update first requires upgrading the host operating system to Ubuntu 22.04.
You also find the Update Guide in our customer portal.
200 new Signatures
With these brand-new Yara and behavior signatures, Joe Sandbox precisely detects various new malware families such as CloudMensis, Alchimist, RapperBot, CryptCat, Tifa Downloader, Prestige Ransomware, MagicRAT, Luna Logger, Manjusaka, DagonLocker and many more. In addition, we added 13 malware configuration extractors, e.g. for ErbiumStealer, CryptBotv2, LummaC, Eternity Stealer and PhoenixRAT, to name a few.
Analysis on Windows 11
We have extended the support for Windows analyzers to Windows 11.
Analysis on macOS Monterey
We have extended the support for macOS analyzers to Monterey.
Support for Android 12 and Frida Integration
Rainbow Opal allows you to analyze APKs on Android 12.
HTML Droppers
We recently observed an increase in what we call HTML Dropper samples. HTML Droppers are HTML files that offer a file download to the user. Often the downloaded file is password protected, and the password is displayed on the HTML page itself.
Joe Sandbox v36 now executes such HTML Droppers successfully:
Analysis Report: https://www.joesandbox.com/analysis/720621/0/html#deviceScreen
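The post does not describe how Joe Sandbox handles these samples internally. As an added example (not Joe Sandbox code), the script below performs a static triage of the pattern described above: it looks for the browser-side indicators an HTML dropper needs to hand the user a file without a network request (a base64 blob decoded with atob, wrapped in a Blob and pushed through an anchor with a download attribute or a programmatic click), decodes the embedded blob, identifies the archive by its magic bytes, and recovers the password shown on the page. The specimen, the file name Invoice_4471.zip, the password 2022 and the indicator heuristics are all constructed for this example and are assumptions, not data from the report linked above.

```python
"""Static triage of an HTML dropper: embedded payload, download mechanism, page password."""
import base64
import binascii
import io
import re
import zipfile

# Heuristics (assumed, not from Joe Sandbox): JavaScript patterns a dropper
# uses to materialize a file in the browser and offer it for download.
INDICATORS = {
    "atob(": re.compile(r"\batob\s*\("),
    "new Blob(": re.compile(r"\bnew\s+Blob\s*\("),
    "URL.createObjectURL": re.compile(r"URL\.createObjectURL"),
    "msSaveOrOpenBlob": re.compile(r"msSaveOrOpenBlob"),
    "programmatic click": re.compile(r"\.click\s*\(\s*\)"),
}
DOWNLOAD_ATTR = re.compile(r'<a\b[^>]*\bdownload\s*=\s*["\']?([^"\'\s>]+)', re.I)
BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")   # long base64 runs only
PASSWORD_HINT = re.compile(r"password\s*(?:is|:)\s*([^\s<]{3,})", re.I)
MAGIC = [(b"PK\x03\x04", "zip"), (b"MZ", "pe"), (b"Rar!\x1a\x07", "rar"), (b"7z\xbc\xaf'\x1c", "7z")]

# Constructed specimen template; __B64__ is filled by build_sample().
SAMPLE_TEMPLATE = """<html><body>
<p>This document is protected. Password: 2022</p>
<p>If the download does not start, <a id="dl" download="Invoice_4471.zip" href="#">click here</a>.</p>
<script>
var data = "__B64__";
var bytes = atob(data);
var buf = new Uint8Array(bytes.length);
for (var i = 0; i < bytes.length; i++) { buf[i] = bytes.charCodeAt(i); }
var blob = new Blob([buf], {type: "application/octet-stream"});
var a = document.getElementById("dl");
a.href = URL.createObjectURL(blob);
a.click();
</script>
</body></html>"""


def build_sample() -> str:
    """Build the constructed specimen: a harmless ZIP, base64-embedded in the page."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(zipfile.ZipInfo("invoice.js"), b"// placeholder, not a payload\n" * 20)
    return SAMPLE_TEMPLATE.replace("__B64__", base64.b64encode(buf.getvalue()).decode())


def identify(data: bytes) -> str:
    """Classify a decoded payload by magic bytes (ISO 9660 keeps its marker at 0x8001)."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    if data[0x8001:0x8006] == b"CD001":
        return "iso"
    return "unknown"


def describe_payload(data: bytes) -> dict:
    """Type, size and, for ZIPs, entry names plus whether the archive is encrypted."""
    info = {"type": identify(data), "size": len(data), "entries": [], "encrypted": False}
    if info["type"] == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            info["entries"] = zf.namelist()
            # Bit 0 of the general-purpose flag marks traditional ZIP encryption; when it is
            # set, the password printed on the page is what the victim needs to open the archive.
            info["encrypted"] = any(zi.flag_bits & 0x1 for zi in zf.infolist())
    return info


def triage(html: str) -> dict:
    """Collect dropper indicators, offered file names, password hints and decoded payloads."""
    indicators = [name for name, rx in INDICATORS.items() if rx.search(html)]
    download_names = DOWNLOAD_ATTR.findall(html)
    if download_names:
        indicators.append("download attribute")
    text = re.sub(r"<[^>]+>", " ", html)          # strip tags so hints can span markup
    passwords = PASSWORD_HINT.findall(text)
    payloads = []
    for blob in BASE64_RUN.findall(html):
        try:
            payloads.append(describe_payload(base64.b64decode(blob, validate=True)))
        except (binascii.Error, zipfile.BadZipFile):
            continue                                # not base64 or a corrupt archive: skip
    if payloads and len(indicators) >= 2:
        verdict = "html-dropper"
    elif indicators or payloads:
        verdict = "suspicious"
    else:
        verdict = "no-dropper-indicators"
    return {"verdict": verdict, "indicators": indicators, "download_names": download_names,
            "password_candidates": passwords, "payloads": payloads}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample()), indent=2))
```

Run it directly to see the report for the constructed specimen, or pass the text of a real sample to triage(). The password recovery is deliberately simple: real droppers often split the hint across styled spans, which is why the hint regex runs over tag-stripped text, and a production version would also decode obfuscated blobs (for example a reversed or XOR-masked string) before looking for base64.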
Web Interface Improvements
We added a new advanced search which allows you to perform complex searches.
Final Words
In this blog post, we have presented the most important features of Joe Sandbox Rainbow Opal, but the release also includes a number of further improvements:
- Added DNS over HTTPS (DoH) parsing
- Added stream-based event log capturing
- Added several performance improvements
- Added dropped-file-based exclusion list
- Added IOC search to Web API
- Added static parser for CHM samples
- Added visualization of whitelisted samples in the Web interface
- Added support for APK signing v2 and v3
- Added several new anti-detection and evasion tricks
Would you like to try Joe Sandbox? Register for a free account on Joe Sandbox Cloud Basic or contact us for an in-depth technical demo!