Register to stream ATT&CKcon 2.0 October 29-30


PUNCHTRACK is non-persistent point of sale (POS) system malware utilized by FIN8 to scrape payment card data. [1] [2]

ID: S0197
Associated Software: PSVC
Platforms: Windows
Version: 1.0

Associated Software Descriptions

Name Description
PSVC [2]

Techniques Used

Domain ID Name Use
Enterprise T1005 Data from Local System PUNCHTRACK scrapes memory for properly formatted payment card data. [1] [2]
Enterprise T1074 Data Staged PUNCHTRACK aggregates collected data in a tmp file. [2]
Enterprise T1027 Obfuscated Files or Information PUNCHTRACK is loaded and executed by a highly obfuscated launcher. [1]

Groups That Use This Software

ID Name References
G0061 FIN8 [1]