/*
This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.
*/
rule contentis_base64 : Base64
{
meta:
author = "Jaume Martin"
description = "This rule finds for base64 strings"
version = "0.2"
notes = "https://github.com/Yara-Rules/rules/issues/153"
strings:
$a = /([A-Za-z0-9+\/]{4}){3,}([A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?/
condition:
$a
}