APT41's "ToughProgress" Malware Abuses Google Calendar for C2 Evasion
TLP: WHITE | Adversary: Winnti Group | Author: PetrP.73 | Created: 2025-05-31 | Modified: 2025-05-31 | 77 IOCs
This pulse details APT41's (Winnti Group) new "ToughProgress" malware, which weaponizes Google Calendar for stealthy command-and-control (C2) communications. Key highlights from SOCRadar's analysis:
- Legitimacy abuse: uses Google Calendar events to hide malicious commands in seemingly benign public calendar entries.
- Multi-stage execution: delivers PowerShell scripts to fetch encrypted payloads, bypassing traditional network defences.
- Persistence mechanisms: establishes footholds via scheduled tasks, registry modifications, and DLL sideloading.
- Targeted evasion: avoids sandboxes and leverages trusted cloud services to evade detection.
- IOCs provided: includes malware hashes, C2 domains, and behavioural patterns for hunting.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed in this pulse.
Malware families: ToughProgress
Indicators of Compromise (4 / 77 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 | 1ca609e207edb211c8b9566ef35043b6 | (no description) | 2025-05-31
FileHash-MD5 | 2ec4eeeabb8f6c2970dcbffdcdbd60e3 | MD5 of 151257e9dfda476cdafd9983266ad3255104d72a66f9265caa8417a5fe1df5d7 | 2025-05-31
FileHash-MD5 | 65da1a9026cf171a5a7779bc5ee45fb1 | MD5 of 3b88b3efbdc86383ee9738c92026b8931ce1c13cd75cd1cda2fa302791c2c4fb | 2025-05-31
FileHash-MD5 | 876fb1b0275a653c4210aaf01c2698ec | MD5 of 469b534bec827be03c0823e72e7b4da0b84f53199040705da203986ef154406a | 2025-05-31