GLOSSARY / Fileless Malware

What is Fileless Malware?

Malware that operates in memory using legitimate system tools, leaving little on disk.

Fileless attacks abuse trusted binaries (PowerShell, WMI, living-off-the-land) and run in RAM, evading file-based antivirus. Detection relies on behavioral monitoring and script-block logging.

It maps to several MITRE ATT&CK execution techniques.

Related free tools

MITRE ATT&CK → Sigma Converter →

Related terms

Malware Lateral Movement

Part of the Ciphers Security glossary. Free reference for analysts, defenders & learners.