KoreLogic is pleased to announce the release of MASTIFF Online, a web interface into the open source MASTIFF static analysis framework. With this free online tool, anyone can upload files to be examined by MASTIFF, returning the results within minutes. MASTIFF Online can be accessed at https://mastiff-online.korelogic.com.

MASTIFF was created by KoreLogic through the DARPA Cyber Fast Track program. The purpose of MASTIFF is to provide an automated framework through which analysts can quickly run static analysis techniques, such as embedded strings and PE header analysis, against a potentially malicious file. Written in Python, MASTIFF is able to be quickly expanded to take on new types of files or add new analysis techniques. Unlike other malware analysis frameworks, MASTIFF focuses solely on static analysis (examining the characteristics of files), and not dynamic analysis (examining the behavior of files).

MASTIFF Online was created to meet the needs of users for a web interface to the framework. Using the KoreLogic Rapid Application Development (KRAD) service, KoreLogic was able to construct the web front-end in a short amount of time and push it out for public use.

Currently, MASTIFF Online supports a number of file types and utilizes a number of static analysis techniques, including:

• PE Header Analysis
• Embedded Strings Analysis
• Single-byte String Extraction
• PE Resource Analysis
• Anti-virus Results based on hash
• Malicious PDF Object Detection
• Microsoft Office Shellcode Detection
• ...and many others

MASTIFF Online can be accessed at https://mastiff-online.korelogic.com.

The source code for MASTIFF can be downloaded at https://korelogic.com/tools.html.

The framework is a work in progress and new analysis types and techniques will be continually added. If you have any questions, comments, or suggestions for improvement, please contact the development team at mastiff-online@korelogic.com.