Joe Sandbox Linux

Automated Deep Malware Analysis targeting Linux

Joe Sandbox Linux executes files fully automatically in a controlled environment and monitors the behavior of applications and the operating system for suspicious activities. All observed activities are compiled into comprehensive and extensive analysis reports.

Analysis reports, which contain key information about potential threats, enable cyber-security professionals to develop, implement and deploy appropriate defenses and protections.

Joe Sandbox Linux lets you install and use Joe Sandbox in your own lab. Joe Sandbox Linux analyzes malware targeting Linux.

Joe Sandbox Linux Explained

Joe Sandbox Linux’s architecture is modular. It consists of at least one controller machine running Linux and multiple connected Linux analyzers (virtual machines or bare metal). Files are sent for analysis via the Joe Sandbox Linux Web Interface to the controller's server. The Joe Sandbox Linux server stores the submission in a local file database and forwards it to the connected analysis machines, where the submission is then executed.

Joe Sandbox Linux’s configurable and efficient dynamic and static analysis engine monitors all activities during execution of the binary and reports behavior data instantly to the controller.

Evaluation results, statistics, activities and code functions are compiled into a detailed and well-structured report.


Request a Joe Sandbox Linux demo

Contact Joe Security to schedule a technical presentation and demo.

Comprehensive Reports

Joe Sandbox Linux generates very detailed analysis reports about system and network behavior. The report includes evaluations and additional data about strings, domains and file structures. Matching generic signatures highlight suspicious and malicious key behavior. Classification and threat scores help to detect sophisticated cyber-attacks quickly.

345+ Generic and Open Behavior Signatures

Joe Sandbox Linux’s behavior analysis engine uses a growing set of 345+ generic Behavior Signatures to detect and classify malicious behavior such as Persistence, Boot Survival, Spreading, APT, Coin Mining, Ransomware and C&C Communication. Behavior Signatures are extensible and customizable, and can optionally be shared within a community.

Virtual and Physical Analysis Systems

Joe Sandbox Linux lets you use a mix of virtual and physical analysis machines. Physical machines are very helpful for dealing with evasive malware that may not run on virtual systems.

Yara

Joe Sandbox Linux allows you to use Yara rules for advanced malware detection. Joe Sandbox Linux forwards all samples, downloaded files and resources, as well as memory dumps, to Yara. In addition, Joe Sandbox Linux features a convenient web-based Yara rule editor. Tired of updating Yara rules? Joe Sandbox Linux can automatically synchronize with GitHub repositories containing Yara rules.

IDS Network Analysis

Joe Sandbox Linux automatically analyzes the captured network data with Snort and "The Bro Network Security Monitor". Snort, with e.g. Emerging Threats ETOpen/ETPro rules, detects malicious IPs, domains and other network artifacts. Files extracted by Bro are automatically uploaded to Joe Sandbox.

Extensive Supplementary Analysis Data

In addition to analysis reports in HTML, XML and JSON formats, Joe Sandbox Linux captures and generates supplementary data. This includes created files, a PCAP of the captured network traffic, screenshots and strings.

Reports Provided in All Relevant Formats

Joe Sandbox Linux reports are provided in all relevant export formats, ranging from common data exchange formats (XML, JSON) and document types (HTML, PDF) to malware security standards such as MAEC, CybOX, MISP and OpenIOC. Therefore, Joe Sandbox Linux reports can be seamlessly integrated with other tools and platforms.

Third Party Integrations

Joe Sandbox Linux has many third-party integrations. Detection results from VirusTotal and MetaDefender are visualized in the analysis report. Joe Sandbox Linux also integrates with incident response solutions such as TheHive, Fame, MISP and CRITs. You can also use Joe Sandbox Linux in the security automation and orchestration platforms Phantom and Demisto. We also offer integration with additional tools such as Viper and Malsub.

Built for OEM Integration

Joe Sandbox Linux allows for seamless integration into existing security products. A .NET SDK is included, providing interfaces for automated file submissions and processors for handling the generated analysis data. For bulk file submissions, Joe Sandbox Linux provides a queuing system with load-balancing and prioritization mechanisms. OEM customers have full control over the solution, its generated data and its configuration.

RESTful Web API

Joe Sandbox Linux allows for seamless integration into existing threat intelligence systems. It has a simple RESTful Web API which enables file upload, analysis data download, searches, filters, alerts and more. Example scripts in Python allow fast integration.

Simplified Management and Control

Joe Sandbox Linux includes an intuitive web interface with features such as file and URL uploads, a cookbook editor, user management, bulk upload/download and mail/syslog notifications.

Flexibility and Customization

Joe Sandbox Linux is built as a modular and scalable system with many settings for advanced tuning. With its open SDK, behavior signatures and cookbooks, it supports advanced use cases tailored to an organization's specific needs. Joe Sandbox Linux supports multiple analysis machines with different applications and versions installed.

Additional Support, Maintenance and Consulting

Joe Security provides excellent services, such as system installation, training, maintenance, customization and expert knowledge, as a supplemental package to Joe Sandbox Linux.

Explore Joe Sandbox Linux

Have a look at the behavior analysis reports generated by Joe Sandbox Linux or contact Joe Security to schedule a technical presentation.

What files does Joe Sandbox Linux analyze?

Joe Sandbox Linux analyzes any file, including ELF, Python, Lua, Perl, PDF, URL, Bash, etc. Joe Sandbox Linux includes a file type recognition engine which detects over 5000 different file types.

What report and forensic data does Joe Sandbox Linux generate?

Behavior reports in HTML, PDF, XML and JSON, dropped or downloaded files, strings, a PCAP and screenshots.

Which analysis technology does Joe Sandbox Linux use?

Joe Sandbox Linux uses a wide range of analysis technologies, including both dynamic and static analysis. Because several analysis techniques are combined, Joe Sandbox Linux discovers more behavior than other solutions.

What are behavior signatures?

Behavior signatures are tiny scripts that rate the data Joe Sandbox Linux captures from the malware. Joe Sandbox Linux extracts file, system and network data. Joe Sandbox Linux includes a steadily growing set of 345+ signatures.

Does Joe Sandbox Linux analyze malware on native machines?

Yes, Joe Sandbox Linux can analyze malware on native machines. You can therefore use a PC or laptop from your company directly as an analysis target.

Which Linux versions are supported?

Ubuntu and CentOS.

What hardware and operating systems do I need to install Joe Sandbox Linux?

Joe Sandbox Linux runs on standard hardware with Linux as the operating system (e.g. Ubuntu Server).

Is Joe Sandbox Linux a 100% standalone application?

Yes, Joe Sandbox Linux can be run without any connection to the Internet or our Cloud.