Mindflow and JoeSandbox have partnered to enable users to automate their incident management and better protect their information systems.


JoeSandbox is one of the most advanced automated and deep malware analysis engines available on-premise or cloud. With a multi-technology approach and the latest machine learning techniques, JoeSandbox enables your teams to analyze files on the most used operating systems for endpoints, servers, and mobile devices: Windows, macOS, Linux, Android, and iOS.

To provide this unrivaled deep malware analysis capacity, JoeSandbox relies on core technologies.

A Hypervisor-based Inspection (HBI) using hardware virtualization. You can place breakpoints in your operating system or malware code to track information about API being called. It also enables your teams to trace cross-module calls and other sensitive events such as debug register modification, cpuid instruction execution, etc.

Dynamic Generic Instrumentation (DGI) changing codes to log and change runtime information for deep inspection of runtime data. Thanks to DGI, you can control API, method, and function calls, including complex arguments, return values and object values. You can also use DGI to fight evasion techniques, such as sleeps, logic bombs, or environment checks by modifying or faking arguments, return values, and status of objects.

Hybrid Code Analysis (HCA), combining dynamic and static program analysis. It provides context awareness, resilience against code obfuscation, and code analysis completion. It enables your teams to understand the complete behavior cycle of malware, not just its installation.

Execution Graph Analysis (EGA) highlights the complete logical behavior of the malware. It also includes additional runtime information such as execution status, signature matches, critical decisions, unpacked code, and richest paths. It helps detect evasions against malware analysis systems, and it’s completely automated.

AI-based Phishing Detection (AIPD) to detect URL-based phishing attacks. It extracts and browses the URL in a real browser and then leverages template matching, partial hashing, and ORB feature detection to detect the malicious use of legit brands on websites. It also benefits from external URL, domain, and Whois-based reputation checks.

Behavior Signature Set to detect, classify, and summarize malicious behavior, dangerous code, and evasions. The set consists of over 2311+ behavior1495+ Yara, and 103+ Sigma signatures covering multiple platforms, including Windows, Android, macOS, iOS, and Linux.

Cookbooks enable your teams to influence and change the malware’s behavior automatically. You can change the environment, simulate operating system events, or modify the operating system behavior.

Mindflow uses JoeSandbox’s integrations capacities to enable its users to call and implement in their workflows all the services it provides


  • Access one of the most complete and features rich sandbox solutions on the market
  • Discover and analyze new malware with a Multi-Technology and Evasion-Resistant sandbox

Automation Through Mindflow

Automation Use Case

Related Integrations