Currently viewing ATT&CK v7.2 which was live between July 8, 2020 and October 26, 2020. Learn more about the versioning system or see the live site.
Register to stream the next session of ATT&CKcon Power Hour November 12
SOFTWARE
Aria-body
SOFTWARE
1-9
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
Y-Z
  1. Home
  2. Software
  3. PUNCHTRACK

PUNCHTRACK

PUNCHTRACK is non-persistent point of sale (POS) system malware utilized by FIN8 to scrape payment card data. [1] [2]

ID: S0197
Associated Software: PSVC
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 18 April 2018
Last Modified: 17 March 2020

Associated Software Descriptions

Name Description
PSVC [2]
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1005 Data from Local System

PUNCHTRACK scrapes memory for properly formatted payment card data.[1][2]
Enterprise T1074 .001 Data Staged: Local Data Staging

PUNCHTRACK aggregates collected data in a tmp file.[2]
Enterprise T1027 Obfuscated Files or Information

PUNCHTRACK is loaded and executed by a highly obfuscated launcher.[1]

Groups That Use This Software

ID Name References
G0061 FIN8

[1]

References

  1. Kizhakkinan, D. et al.. (2016, May 11). Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks. Retrieved February 12, 2018.
  1. Elovitz, S. & Ahl, I. (2016, August 18). Know Your Enemy: New Financially-Motivated & Spear-Phishing Group. Retrieved February 26, 2018.