PUNCHTRACK

PUNCHTRACK is non-persistent point of sale (POS) system malware utilized by FIN8 to scrape payment card data. [1] [2]

ID: S0197
Associated Software: PSVC

Type: MALWARE
Platforms: Windows

Version: 1.0

Associated Software Descriptions

NameDescription
PSVC[2]

Techniques Used

DomainIDNameUse
EnterpriseT1005Data from Local SystemPUNCHTRACK scrapes memory for properly formatted payment card data.[1][2]
EnterpriseT1074Data StagedPUNCHTRACK aggregates collected data in a tmp file.[2]
EnterpriseT1027Obfuscated Files or InformationPUNCHTRACK is loaded and executed by a highly obfuscated launcher.[1]

Groups

Groups that use this software:

FIN8

References