Dynamic Malware Analysis (DMA)
Dynamic Malware Analysis (DMA) is a service offered by CIRCL and operated by Joe Security LLC[1], a renowned Swiss security company specialised on leading sandbox technologies. CIRCL and Joe Security already collaborated regarding Joe’s MISP [2] integration. The platform allows the analysis of potential malicious software or suspicious documents in a secure and virtualized environment.
Users can upload their suspicious software or document files via a web-interface and select a specific target platform. The request is then automatically processed and executed within the selected target. After the execution, additional analysis is performed like memory analysis and comparative analysis. Then a report is made available including all the complete dynamic analysis, memory analysis and additional information.
The full list of features can be found here https://www.joesecurity.org/joe-sandbox-cloud#key-features ([3])
There is a quota
We have a limited quota of analyses per month available. If you want to do a pre-assessment of your files, without running a full dynamic analysis, you can also use our static analysis platform pandora first.
Privacy statement
All the files and all the analysis are fully private in Joe Sandbox Cloud Pro, no information is shared with third party services. Also, you have full control over the data retention that can be set down to 1 day, then all the files and all the analyses are securely erased with no backup possibility.
What can I do if a dynamic analysis failed or is suspiciously quiet?
Dynamic analysis is not a magical solution. If an analysis fails, you can resubmit the suspicious files to CIRCL for further manual malware analysis.
How to request access?
If you are an organization based in Luxembourg, you can request access by contacting us.
[1] https://www.joesecurity.org/company-joe-security [2] https://www.circl.lu/services/misp-malware-information-sharing-platform/ [3] https://www.joesecurity.org/joe-sandbox-cloud#key-features