Fileless Malware is a form of malware that doesn’t write anything to disk or hard drive. The payloads are read, in a form of HTTP request 1 , and executed by other applications, usually a shell, or framework such as command prompt, PowerShell or .NET framework. Since the malware is directly put into memory, it is rather hard for antivirus to detect it with conventional means of anti-analysis techniques. In addition, it is tremendously hard to differentiate a legitimate process and a malicious process by just looking at the process tree. Some even stored themselves inside registry, which could put into main memory every time after system boot up.
It is particular popular in Powerware campaign and high profile DNC hack.