The Iran-linked cyber-espionage group tracked as OilRig started using a backdoor dubbed RGDoor to target Internet Information Services (IIS) web servers. The hackers used the backdoor to target Middle Eastern government organizations and financial and educational institutions. The attackers exploited the IIS 7 functionality that allows developers to create modules in C++ to extend IIS capabilities, which let them carry out custom actions on requests. Researchers from Palo Alto Networks discovered that the code calls the RegisterModule function with arguments that ignore inbound HTTP GET requests but act on all HTTP POST requests.
Source: https://securityaffairs.co/wordpress/68317/hacking/oilrig-rgdoor-backdoor.html
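
Because a backdoor of this kind runs as a native IIS module, a defender can review which native modules a server has registered. The following is an added example, not code from the article or from Palo Alto Networks: it audits the `<globalModules>` section of `applicationHost.config`, using a constructed sample config, a hypothetical module name and path, and an assumed default install directory for stock modules.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed sample of the <globalModules> section of applicationHost.config.
# "ExampleFilter" and its path are hypothetical, not indicators from the report.
SAMPLE_CONFIG = r"""<configuration>
  <system.webServer>
    <globalModules>
      <add name="HttpCacheModule" image="%windir%\System32\inetsrv\cachhttp.dll" />
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="ExampleFilter" image="C:\inetpub\temp\example_filter.dll" />
    </globalModules>
  </system.webServer>
</configuration>"""

# Directory holding stock IIS native modules (assumption: default install layout).
TRUSTED_DIRS = {
    r"%windir%\system32\inetsrv",
    r"%systemroot%\system32\inetsrv",
    r"c:\windows\system32\inetsrv",
}

def normalize(path):
    """Lower-case and collapse the path so '..' segments cannot dodge the check."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def audit_global_modules(config_xml, baseline=()):
    """Return (name, image, reason) for each native module that needs review.

    baseline: optional module names from a known-good build of the same server.
    """
    known = {name.lower() for name in baseline}
    findings = []
    root = ET.fromstring(config_xml)
    for section in root.iter("globalModules"):
        for entry in section.findall("add"):
            name = entry.get("name", "")
            image = entry.get("image", "")
            if ntpath.dirname(normalize(image)) not in TRUSTED_DIRS:
                findings.append((name, image, "image outside inetsrv"))
            elif known and name.lower() not in known:
                findings.append((name, image, "name not in baseline"))
    return findings

if __name__ == "__main__":
    for name, image, reason in audit_global_modules(SAMPLE_CONFIG):
        print(f"REVIEW {name}: {image} ({reason})")
```

A module copied into the stock directory passes the path check, so supply a baseline of module names from a known-good build to catch that case.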

