One of its new features that caught my eye, is base64 strings.
This is the example rule for the base64 modifier from YARA’s documentation:
$a = “This program cannot” base64
This rule will search for ASCII strings that are possible BASE64-encodings of ASCII string “This program cannot”.
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.