After careful research into overlaps between the leaked key and malware deployed via Prometheus TDS, we have concluded that the following campaigns are likely to have recently utilized Cobalt Strike AND Prometheus.
https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus

With increasing Multi-Factor coverage and defensive countermeasures like Smart Lockout, password spraying is becoming more and more of a chore.
https://blog.blacklanternsecurity.com/p/introducing-trevorproxy-and-trevorspray

Since it is likely that both the DESFire key and the remote access AES key were generated around the same time, an attacker could vastly reduce the search space for the remote access key by first cracking the DESFire key.
https://x41-dsec.de/lab/blog/telenot-complex-insecure-keygen/

Microsoft Threat Intelligence Center has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine.
https://aka.ms/UkrainianMalware