Skip to content

S0197 PUNCHTRACK

PUNCHTRACK is non-persistent point of sale (POS) system malware utilized by FIN8 to scrape payment card data. 1 2

Item Value
ID S0197
Associated Names PSVC
Type MALWARE
Version 1.1
Created 18 April 2018
Last Modified 17 March 2020
Navigation Layer View In ATT&CK® Navigator

Associated Software Descriptions

Name Description
PSVC 2

Techniques Used

Domain ID Name Use
enterprise T1005 Data from Local System PUNCHTRACK scrapes memory for properly formatted payment card data.12
enterprise T1074 Data Staged -
enterprise T1074.001 Local Data Staging PUNCHTRACK aggregates collected data in a tmp file.2
enterprise T1027 Obfuscated Files or Information PUNCHTRACK is loaded and executed by a highly obfuscated launcher.1

Groups That Use This Software

ID Name References
G0061 FIN8 1

References

Back to top