Microsoft recently reported that their advanced threat protection tools were able to detect and block two heavily obfuscated and malicious scripts. The threats were apparently using the Sharpshooter technique, which was documented and published in a 2017 blog post from a British security firm.
A report from the company details the elusive payload—it did not trigger antivirus scanning, was loaded using a legitimate process that executed the scripts, and also left no trace on the disk. Given the characteristics, they classified the scripts as fileless threats.
Source: Trend Micro