Section 05: Fileless Malware Concepts
Fileless Malware
Fileless malware
Fileless malware is a variant of computer-related malicious software that exists exclusively as a computer memory-based artifact, i.e. in RAM. It does not write any part of its activity to the computer's hard drive, which increases its ability to evade antivirus software that incorporates file-based whitelisting, signature detection, hardware verification, pattern analysis, time-stamping, etc., and leaves very little evidence that digital forensic investigators could use to identify illegitimate activity.
Living off the land
Living off the land refers to the use of dual-use tools: tools that are either already installed in the victim's environment, or admin, forensic or system tools that are used maliciously.