PUNCHTRACK is non-persistent point of sale (POS) system malware utilized by FIN8 to scrape payment card data. [1] [2]
Name | Description |
---|---|
PSVC |
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1005 | Data from Local System |
PUNCHTRACK scrapes memory for properly formatted payment card data.[1][2] |
|
Enterprise | T1074 | .001 | Data Staged: Local Data Staging |
PUNCHTRACK aggregates collected data in a tmp file.[2] |
Enterprise | T1027 | Obfuscated Files or Information |
PUNCHTRACK is loaded and executed by a highly obfuscated launcher.[1] |