Problem: One of the newer classes of attack used against victims is fileless malware. With fileless malware, the malicious code is not stored in a file on disk; instead it is downloaded or loaded dynamically into system memory using tools built into the operating system (such as PowerShell, Windows Management Instrumentation, .NET, and Office macros).

First, find an example of fileless malware and summarize how it works. Then describe how memory analysis and forensics may detect the malware when forensic analysis of the hard drive or other non-volatile memory would show no signs of infection. How can the SANS six-part methodology help with this type of malware?

Examples of fileless malware include:
- Operation Cobalt Kitty
- Ramnit Banking Trojan
- Emotet
- TrickBot
- Ryuk
- Fallout Exploit Kit
- Shade Exploit Kit
- Ursnif
- Frodo
- Number of the Beast
- The Dark Avenger
- Kovter
- Powelike
- SamSam
With references.
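The detection principle the question asks about, shown as an added example that is not part of the assignment: a memory-triage heuristic in the spirit of Volatility's malfind, run over a constructed listing of process memory regions (the kind of data a memory-forensics tool recovers from a RAM image). It flags executable regions that no file on disk backs, and RWX regions inside built-in "living off the land" hosts such as PowerShell, which is exactly the footprint disk forensics cannot see. The `Region` record, the host list and the sample regions are assumptions constructed for this example.

```python
# Added example (not from the assignment or any forensic tool's own code):
# a malfind-style heuristic over a constructed process-memory region listing.
from dataclasses import dataclass


@dataclass
class Region:
    pid: int
    process: str
    start: int
    size: int
    protection: str   # e.g. "PAGE_EXECUTE_READWRITE", as a VAD listing reports it
    mapped_file: str  # path of the backing file, or "" for private memory
    head: bytes       # first bytes of the region, read from the memory image


# Built-in hosts that fileless loaders commonly run inside (assumed list).
LOTL_HOSTS = {"powershell.exe", "wmiprvse.exe", "mshta.exe", "winword.exe"}


def is_suspicious(r: Region) -> list[str]:
    """Return the reasons a region looks like in-memory-only code (empty if none)."""
    reasons = []
    if "EXECUTE" in r.protection and not r.mapped_file:
        reasons.append("executable private memory with no backing file")
    if r.head.startswith(b"MZ") and not r.mapped_file:
        reasons.append("PE header in unbacked memory")
    if r.process.lower() in LOTL_HOSTS and "EXECUTE_READWRITE" in r.protection:
        reasons.append(f"RWX region inside built-in host {r.process}")
    return reasons


def triage(regions: list[Region]) -> dict[tuple[int, str], list[str]]:
    """Map (pid, start address) to reasons for every region worth a closer look."""
    return {(r.pid, hex(r.start)): why for r in regions if (why := is_suspicious(r))}


# Constructed sample regions, not taken from a real memory image.
SAMPLE = [
    Region(1234, "explorer.exe", 0x7FF6A0000000, 0x100000, "PAGE_EXECUTE_READ",
           r"C:\Windows\explorer.exe", b"MZ\x90\x00"),
    Region(1234, "explorer.exe", 0x1F00000, 0x10000, "PAGE_READWRITE", "", b"\x00\x00\x00\x00"),
    Region(5678, "powershell.exe", 0x2A00000, 0x20000, "PAGE_EXECUTE_READWRITE", "", b"MZ\x90\x00"),
    Region(5678, "powershell.exe", 0x7FF800000000, 0x200000, "PAGE_EXECUTE_READ",
           r"C:\Windows\System32\ntdll.dll", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for key, why in triage(SAMPLE).items():
        print(key, "->", "; ".join(why))
```

Only the unbacked RWX region inside powershell.exe is flagged; the file-backed images and the non-executable heap region pass, which is why a real triage pairs this with disk forensics rather than replacing it.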