The Cranefly hacking group, aka UNC3524, uses a previously unseen technique of controlling malware on infected devices via Microsoft Internet Information Services (IIS) web server logs.
Microsoft Internet Information Services (IIS) is a web server that allows hosting websites and web applications. It’s also used by other software such as Outlook on the Web (OWA) for Microsoft Exchange to host management apps and web interfaces. ...
https://www.bleepingcomputer.com/news/security/hackers-use-microsoft-iis-web-server-logs-to-control-malware/
from Bleeping Computer