KoreLogic Blog
One Month of MASTIFF Online!
2015-05-27 11:30

It has been exactly one month since MASTIFF Online was opened, and to celebrate, we have released the next stable version of MASTIFF! Version 0.7.1 includes a large number of bug fixes, as well as some new analysis plug-ins to get more information out of the files you are analyzing. The new version can be found at https://korelogic.com/tools.html.

MASTIFF 0.7.1

Most of the code in this release has been in the git repository for some time now. Remember, you can always download the latest code to try out any new features and plug-ins that have been added.

What has changed since the last stable version of MASTIFF? A lot. Here is a brief list of major changes:

  • Tons of bug fixes.
  • Plug-ins have been moved to a central directory, so you no longer have to specify their location in the MASTIFF config file.
  • A hex dump analysis plug-in was added to render the file in hex output.
  • A Metascan Online plug-in was added to query the Metascan site. Note, however, that you will need an API key to query that site.
  • YARA signatures are now also used to determine file type in the category plug-ins.
  • When running setup.py to install MASTIFF, the configuration file will now be installed into /etc/mastiff so it is detected by default.

Expect more great things to come from MASTIFF in the near future, including output plug-ins!

MASTIFF Online

In the past month, we have seen a lot of activity surrounding MASTIFF Online. The response has been overwhelmingly positive, and we have received many submissions to the site. Even more important, the submission rate has been fairly steady, and we continue to analyze new malware each day.

Some statistics about our first month of operation:

  • At last check, we have received 526 files to analyze. The vast majority have been Windows PE executables, followed by PDFs and Office documents. However, we've also received a number of ELF executables. We are looking to expand the analysis offerings for all of these file types to make the site more useful.
  • The United States leads the number of uploads to the site, followed by Brazil and Spain.
  • MASTIFF Online has been visited by over 900 unique IP addresses since it opened. The U.S. leads this statistic as well, followed by Great Britain and Spain.

This may not seem like a lot of files or visits, but MASTIFF Online is still a new site and the fact that we are seeing a steady amount of traffic is a good indicator of its usefulness.

How to Contribute

As time goes on, we plan on adding more features to both MASTIFF and MASTIFF Online. However, to do so, we need feedback from the community. Let us know what you would like to see in the project. The more feedback we receive, the better we can prioritize the feature enhancements we are working on.

Send feedback or suggestions to mastiff-online@korelogic.com.

Don't forget that you can always write new plug-ins for MASTIFF and submit them to the git repository.


Posted by Tyler at 11:30