T1027.011
Fileless Storage
Adversaries may store data in "fileless" formats to conceal malicious activity from defenses. Fileless storage can be broadly defined as any format other than a file. Common examples of non-volatile fileless storage in Windows systems include the Windows Registry, event logs, or WMI repository.(Citation: Microsoft Fileless)(Citation: SecureList Fileless) Shared memory directories on Linux systems (`/dev/shm`, `/run/shm`, `/var/run`, and `/var/lock`) and volatile directories on Network Devices (`...
Windows, Linux
Detections: 3
Sources: 1
Threat Actors: 2
BY SOURCE
splunk_escu: 3
PROCEDURES (2)
Registry: 2 detections
Auto-extracted: 2 detections for registry
Script Execution Monitoring: 1 detection
Auto-extracted: 1 detection for script execution monitoring