
Joe Security's Blog

Analysing VPNFilter with Joe Sandbox Linux

Linux malware is becoming a hot topic in the security news headlines, as we see more and more recent malware targeting Linux operating systems. With more than 11 billion embedded devices with networking capabilities in 2018 (Gartner), bots targeting the Internet of Things (IoT) have a bright future ahead. Mirai and VPNFilter are just some recent examples. Thus, it is the right time to step up! For some months, we have been working on a new product to analyze malware targeting Linux.


Deep Malware Analysis with Joe Sandbox 22 - Mountain Crystal

Now, at the end of Q2, we are happy to release our newest and greatest Joe Sandbox version with the code name Mountain Crystal! Our Joe Sandbox Cloud Pro, Basic and OEM servers were already upgraded to Mountain Crystal a couple of weeks ago. If you wish to upgrade your on-premise Joe Sandbox Desktop, Mobile, X, Complete and Ultimate installation right away, then please run the following command:

mono joeboxserver.exe --updatefast

In this blog post, we will present some of the enhancements and new features of Joe Sandbox Mountain Crystal.

111 New Behavior Signatures

New signatures include detections for Process Doppelgänging, Early Bird Code Injection, Tinynuke, GandCrab, GravityRAT, Cobalt Strike Beacon, Gootkit, Crossrider and more. The new signatures enable analysts to spot and catch the latest security threats!

Java tracing for Java Archive (JAR) files

Malware written in Java has become very popular.


Evasive Malware hits French Corporations

We recently came across an interesting sample on Joe Sandbox Cloud Basic. The sample has been detected as malicious, yet this is mainly due to antivirus signature hits. When looking closely at the Behavior Graph, one discovers something interesting: the main sample is unpacking itself to facture_1398665.tmp. This process then creates a whole bunch of temporary PE files, which are then renamed in the next step.

Hostile Firefox loading LOL

Among the PE files is a file called firefox.exe.

