{
	"id": "b3d9b6ad-2428-458e-89f4-595e91b09753",
	"created_at": "2026-04-06T00:09:59.257948Z",
	"updated_at": "2026-04-10T03:21:50.56727Z",
	"deleted_at": null,
	"sha1_hash": "27a788ea2f10879d97174a7f536420bca3b6141b",
	"title": "SPC-20 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35510,
	"plain_text": "SPC-20 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 19:07:14 UTC\r\nMobile Threat Catalogue\r\nComponent Substitution During Software Upgrade\r\nContribute\r\nThreat Category: Supply Chain\r\nID: SPC-20\r\nThreat Description: An adversary with access to a software support activity can substitute malicious software for\r\na legitimate component during a software upgrade.1\r\nThreat Origin\r\nSupply Chain Attack Framework and Attack Patterns 1\r\nExploit Examples\r\nCVE Examples\r\nPossible Countermeasures\r\nReferences\r\n1. J.F. Miller, “Supply Chain Attack Framework and Attack Patterns”, tech. report, MITRE, Dec. 2013;\r\nwww.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf ↩ ↩2\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-20.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-20.html\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-20.html"
	],
	"report_names": [
		"SPC-20.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434199,
	"ts_updated_at": 1775791310,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/27a788ea2f10879d97174a7f536420bca3b6141b.pdf",
		"text": "https://archive.orkl.eu/27a788ea2f10879d97174a7f536420bca3b6141b.txt",
		"img": "https://archive.orkl.eu/27a788ea2f10879d97174a7f536420bca3b6141b.jpg"
	}
}