IIS Raid: A native backdoor module for Microsoft IIS

From github.com

When installed, IIS-Raid processes every request and method, checks whether the X-Password header exists and compares its value against the hardcoded password. If the value specified by the header doesn't match the password, the request continues normally without giving any indication of the backdoor. If the header value matches the password, the module searches for the communication header and extracts its content. It then base64-decodes that content, compares it against the predefined commands and processes the instructions, if any.
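
Since a request without the right password is handled normally, a host-side check of which native modules IIS loads is a more dependable control than watching responses. The following is an added example, not code from the original post or from the IIS-Raid project: it compares the `<globalModules>` section of `applicationHost.config`, where native modules are registered, against an approved baseline. The baseline, the sample configuration and the name `ExampleTelemetryModule` are constructed for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed baseline of approved native modules (name -> image path).
BASELINE = {
    "HttpCacheModule": r"%windir%\System32\inetsrv\cachuri.dll",
    "StaticFileModule": r"%windir%\System32\inetsrv\static.dll",
}

# Constructed sample of the <globalModules> section of applicationHost.config.
# ExampleTelemetryModule and both non-inetsrv paths are hypothetical.
SAMPLE_CONFIG = r"""
<configuration>
  <system.webServer>
    <globalModules>
      <add name="HttpCacheModule" image="%SystemRoot%\system32\inetsrv\cachuri.dll" />
      <add name="StaticFileModule" image="C:\ProgramData\static.dll" />
      <add name="ExampleTelemetryModule" image="C:\inetpub\modules\telemetry.dll" />
    </globalModules>
  </system.webServer>
</configuration>
"""

def normalize(image, windir=r"C:\Windows"):
    """Lower-case the path and expand %windir% / %SystemRoot% so paths compare equal."""
    path = image.strip().lower()
    for var in ("%windir%", "%systemroot%"):
        path = path.replace(var, windir.lower())
    return ntpath.normpath(path)

def registered_modules(config_xml):
    """Return (name, normalized image) for every native module registered server-wide."""
    root = ET.fromstring(config_xml.strip())
    return [(add.get("name", ""), normalize(add.get("image", "")))
            for section in root.iter("globalModules")
            for add in section.findall("add")]

def audit(config_xml, baseline):
    """Flag modules missing from the baseline or loading from an unexpected DLL path."""
    findings = []
    for name, image in registered_modules(config_xml):
        expected = baseline.get(name)
        if expected is None:
            findings.append(("unknown-module", name, image))
        elif normalize(expected) != image:
            findings.append(("image-changed", name, image))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, BASELINE):
        print(finding)
```

A familiar module name pointing at an unexpected DLL path is reported separately from an unknown name, because reusing a trusted name is an easy way for a rogue module to blend in.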
