1 malware family

Y2K Operators

Also known asY2K Operators

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

MITRE ATT&CK

Tradecraft

21 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

9 of 15 tactics28 techniques×N= number of intelligence reports citing this technique

MITRE ATT&CK

TA0001

Initial Access

1 technique

T1195

Supply Chain Compromise

TA0002

Execution

2 techniques

T1059

Command and Scripting Interpreter

T1059.001

PowerShell

T1204

User Execution

T1204.002

Malicious File

TA0003

Persistence

1 technique

T1547

Boot or Logon Autostart Execution

T1547.001

Registry Run Keys / Startup Folder

TA0004

Privilege Escalation

2 techniques

T1547

Boot or Logon Autostart Execution

T1547.001

Registry Run Keys / Startup Folder

T1548

Abuse Elevation Control Mechanism

T1548.002

Bypass User Account Control

TA0005

Stealth

2 techniques

T1027

Obfuscated Files or Information

T1027.009

Embedded Payloads

T1036

Masquerading

TA0006

Credential Access

3 techniques

T1056

Input Capture

T1056.001

Keylogging

T1539

Steal Web Session Cookie

T1555

Credentials from Password Stores

T1555.003

Credentials from Web Browsers

TA0009

Collection

4 techniques

T1056

Input Capture

T1056.001

Keylogging

T1113

Screen Capture

T1123

Audio Capture

T1125

Video Capture

TA0011

Command and Control

2 techniques

T1071

Application Layer Protocol

T1071.001

Web Protocols

T1105

Ingress Tool Transfer

TA0040

Impact

1 technique

T1486

Data Encrypted for Impact

ARSENAL

Associated malware families

1 malware family attributed to this actor across reporting.

FamilyContextEvidenceLast seen

Millenium RATA remote access trojan known as Millenium RAT has been quietly spreading across the globe... The most significant change in version 4 is its full rewrite from .NET into native C++.1Jun 29, 2026

IOCS

Observables

59 indicators attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting. View more in app.

59 IOCsView more in app

hash.sha256

39 total

••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••+31

uri

11 total

••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••+3

Domains

6 total

••••••.com•••••••.ru••••••••.com•••••••••.net••••••••••.com•••••••••••.ru

ip.v4

3 total

•••••••••••••••••••••••••••

IOC values are gated. View more in Mallory for domains, IPs, hashes, and other artifacts, or pipe them straight into your SIEM.

ACTIVITY FEED

Recent activity

1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

1 SOURCESView more in app

cyber security newsNews

Jun 29, 2026

Millenium RAT Rewritten in C++ Infects 62,000+ Devices Across 160 Countries

Operating and scaling distribution of Millenium RAT as part of a broad malware campaign targeting Windows users globally via social-engineering lures and trojanized tools.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping21

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal1

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables59

Domains, IPs, and hashes tied to this actor, refreshed continuously.