In 1989, a virus called The Dark Avenger was discovered that operated solely in the computer’s memory, although it had to be delivered as a file. It infected executable files whenever the user ran or copied them. It’s one of the first known examples of fileless malware.
In 2017, cryptocurrency malware WannaMine was discovered infecting servers in large corporations. It penetrated systems through the unpatched SMB protocol and executed code to mine Monero cryptocurrency.