GenAI based Phishing Detection (GAIPD) leverages cutting-edge Generative AI (GenAI) to detect phishing attacks across URLs, web pages, documents, and emails. GAIPD empowers organizations with highly accurate phishing detection, offering robust protection against evolving threats.
Check out the latest phishing detections of GAIPD on Cloud Basic: HTMLPhisher.
Hypervisor based Inspection (HBI) uses the latest hardware virtualization technologies of modern CPUs to place stealth breakpoints anywhere in the operating system or malware code. Stealth breakpoints capture information about any API being called, no matter whether it is in usermode or kernelmode. Further, HBI enables security experts to trace any cross-module calls and other sensitive events, like debug register modification, cpuid instruction execution and many others. HBI is fully stealth and malware cannot detect its presence. HBI is not tied to a specific hypervisor such as KVM or XEN and can run even on bare metal machines. HBI is fully configurable by our customers.
Hybrid Code Analysis (HCA) combines dynamic and static program analysis while retaining the main benefits of both techniques: context awareness and resilience against code obfuscation such as packing and self-modifying code on the one hand, and code analysis completion on the other hand. It makes it possible to understand evasions against malware analysis systems including sleeps, logic bombs and system fingerprinting. Moreover, it allows discovering hidden behavior – dormant functionality which is executed only under rare conditions. Hybrid Code Analysis enables security professionals to understand the complete malware behavior, not just the installation.
Check out the latest malware analysis reports to see the Hybrid Code Analysis at work and learn more about this powerful technology from our blog posts: New Sandbox Evasion Tricks spot, Finding a DGA in less than one Minute and Joe Sandbox aware Malware? Certainly not! But surely!.
Execution Graph Analysis (EGA) generates highly condensed control flow graphs, so-called Execution Graphs, to visualize code detected by Hybrid Code Analysis. Execution Graphs highlight the full logical behavior of the malware and include additional runtime information such as execution status, signature matches, key decisions, unpacked code and richest paths. Execution Graph Analysis detects evasions against malware analysis systems fully automatically, without any human intervention. Furthermore, EGA rates the behavior by looking at API chains, execution coverage and loops.
Check out the latest malware analysis reports to see the Execution Graph Analysis at work and learn more about its capabilities in our blog post: The Power of Execution Graphs.
Joe Security has one of the most extensive generic Behavior Signature sets. The set, consisting of 2565+ behavior, 3324+ Yara and 117+ Sigma signatures, covers multiple platforms including Windows, Android, macOS and Linux. Behavior Signatures help detect, classify and summarize malicious behavior, dangerous code and evasions. Joe Sandbox applies each signature to an enormous amount of captured data, ranging from operating system to network, browser, memory, file, binary and screen data.
Check out our latest malware analysis reports for behavior signature results.
While Hybrid Code Analysis and behavior signatures detect evasive threats, Cookbooks enable users to easily influence and change the malware's behavior automatically. With Cookbooks, security professionals can change the environment, simulate operating system events or modify the operating system behavior. Cookbooks provide the opportunity to completely customize the analysis procedure including malware startup, analysis duration and analysis chaining on multiple systems. The Cookbook technology makes Joe Sandbox the most flexible and customizable malware analysis system in the industry.
Check out our blog posts to see Cookbooks in action: Nymaim - evading Sandboxes with API hammering and Joe Sandbox aware Malware? Certainly not! But surely!.