Cobalt Strike and Prometheus Traffic Direction System – New Tools of the Cyber Threat Trade
BlackBerry researchers have discovered a relationship between the Prometheus Traffic Direction System and a leaked Cobalt Strike SSL key pair, as well as various malware families. Over the last two years, multiple threat actors and ransomware groups, such as FIN7, FickerStealer, Qakbot, DarkCrystal RAT, IcedID, BlackMatter, Ryuk, Cerber, and REvil, have used it.