
Joe Security's Blog

Deep Behavior Reports - how to find the needle in the haystack

Joe Sandbox is known to provide the industry's deepest and richest behavior reports. While it is beneficial to have a massive amount of information on the malware execution, this also has its downsides. For instance, it is difficult to get an overview, find interesting data, or share findings with colleagues or other teams. Joe Security has taken up the challenge and implemented various tools and features to make behavior reports easier to understand and navigate despite their huge size.


Ransomware is not dead - a light analysis of LockerGoga

Despite many reports saying that the number of ransomware samples is decreasing, we see big multinational companies suffering from these attacks again and again. Just two days ago, Norway-based Norsk Hydro, one of the world's largest aluminium producers, was hit by a severe ransomware attack. The attack is so massive that Hydro had to switch its production to manual mode. According to various press releases, the entire worldwide Norsk Hydro network is down, affecting all production as well as office operations. If you search for this incident on Twitter, you will instantly come across the ransomware LockerGoga. While it is still unconfirmed that Norsk Hydro was hit by LockerGoga, we saw a high number of LockerGoga samples being submitted to VirusTotal as well as Joe Sandbox Cloud Basic. One of the most recent samples (version 1510) was uploaded to VirusTotal on March 19th (MD5: e11502659f6b5c5bd9f78f534bc38fea). On Joe Sandbox Cloud Basic just some minutes later: Joe Sandbox 25.


Malicious Documents: The Evolution of country-aware VBA Macros

Today's malware is often delivered via e-mail attachments. Such documents usually contain a VBA macro or utilize the Office Equation Editor exploit (CVE-2017-11882 or CVE-2018-0802). If it is a VBA macro, an encrypted PowerShell command is likely executed. Lately, we have seen an increase in evasive VBA macros in Excel sheets.
