A deep malware analysis platform that automates static, dynamic, hybrid, and AI-driven analysis of files and URLs across Windows, macOS, Linux, and Android. It produces detailed behavioral reports and can run on physical machines to defeat VM-evasive threats.
Joe Sandbox is a professional-grade malware analysis platform that combines static, dynamic, hybrid, and AI-driven analysis techniques to produce comprehensive behavioral reports on suspicious files and URLs. It supports analysis across Windows, macOS, Linux, Android, and iOS environments, and uniquely offers the ability to run samples on physical hardware rather than virtual machines, defeating malware that detects and evades sandbox environments. Its analysis captures the full execution chain: process injection, persistence mechanisms, network callbacks, encryption routines, and anti-analysis techniques. Joe Sandbox also includes automated MITRE ATT&CK mapping, signature detection, and IOC extraction, making the output immediately actionable for SOC analysts and threat hunters. The platform can be deployed on-premise for organizations with strict data handling requirements.
Qevlar uses Joe Sandbox to analyze suspicious files and URLs encountered during automated investigations. When an alert involves an attachment, a downloaded file, or a suspicious URL, Qevlar can submit it to Joe Sandbox and wait for the behavioral verdict before proceeding with the investigation, ensuring that the analysis is grounded in actual execution behavior rather than assumptions.