base64
Encode or decode base64 data. Widely used to obfuscate payloads, bypass content filters, and encode exfiltrated data.
Binary Paths
/usr/bin/base64/bin/base64
Glob Patterns
| Pattern | Notes |
|---|---|
bas*4
|
Star matches 'e6' — short form that still requires 'bas' prefix and '4' suffix |
b??e64
|
Two wildcards replace 'as' in base |
b[a]se64
|
Character class around 'a' |
base6[4]
|
Character class on final digit |
/usr/bin/bas*4
|
Full path with star wildcard |
/???/bin/base64
|
Obfuscate /usr/ directory component |
$(ls /usr/bin/bas*4)
|
ls resolves glob to /usr/bin/base64; command substitution executes it |
$'\x62\x61\x73\x65\x36\x34'
|
ANSI-C hex escapes expand to 'base64' |
Pattern Tester
$
Try typing base64 or a full path like /usr/bin/base64
YARA Rule
Auto-generated detection rule for base64