Source Link | TechRepublic | Cedric Pernet | said by Cedric Pernet :A threat actor dubbed "Cranefly" uses a new technique for its communications on infected targets. A new publication from Symantec, a Broadcom software company, reveals details about a new method used by the Cranefly threat actor to communicate with its malware in ongoing attack campaigns.
Geppei malware receives orders from IIS log files
A previously unreported dropper named Trojan.Geppei by Symantec has been observed on several victims of the attack campaigns. The malware uses PyInstaller, which is a known tool to compile Python code into an executable file.
It is reported that the threat actor targets emails of employees focused on corporate development, mergers and acquisitions, and large corporate transactions. This malware's intention is to create a backdoor. This threat actor not only are known for their long dwell time on compromised networks, they also re-compromise the same network when detected. 
