{
	"id": "0cf2b9a7-f0f2-4bd6-aa3c-ade61080e313",
	"created_at": "2026-04-06T00:06:43.415191Z",
	"updated_at": "2026-04-10T03:21:47.070793Z",
	"deleted_at": null,
	"sha1_hash": "52942c4cdb34c9dc1ec7c78f2838dbe7f85c2a78",
	"title": "SPC-4 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 42907,
	"plain_text": "SPC-4 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 21:23:36 UTC\r\nMobile Threat Catalogue\r\nMalicious Logic Introduction\r\nContribute\r\nThreat Category: Supply Chain\r\nID: SPC-4\r\nThreat Description: A software or firmware programmer with access to the configuration control system can\r\nintroduce malicious logic into software or microelectronics during coding and/or logic-bearing component\r\ndevelopment or update/maintenance.1\r\nThreat Origin\r\nSupply Chain Attack Framework and Attack Patterns 1\r\nExploit Examples\r\nNot Applicable\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nEnterprise\r\nEnforce strict access control and auditing for the configuration control system to enable effective auditing of any\r\nunauthorized changes to configuration settings.\r\nUse configuration management tools that can validate that current configuration settings meet policy requirements\r\nTest software and microelectronics to verify their functionality conforms to expected behavior and operates within\r\nnormal tolerances (e.g. timing, temperature, power consumption, EM emissions) both after development and\r\nmaintenance prior to placing or returning the component to the production environment\r\nReferences\r\nhttps://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-4.html\r\nPage 1 of 2\n\n1. J.F. Miller, “Supply Chain Attack Framework and Attack Patterns”, tech. report, MITRE, Dec. 2013;\r\nwww.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf ↩ ↩2\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-4.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-4.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-4.html"
	],
	"report_names": [
		"SPC-4.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434003,
	"ts_updated_at": 1775791307,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/52942c4cdb34c9dc1ec7c78f2838dbe7f85c2a78.pdf",
		"text": "https://archive.orkl.eu/52942c4cdb34c9dc1ec7c78f2838dbe7f85c2a78.txt",
		"img": "https://archive.orkl.eu/52942c4cdb34c9dc1ec7c78f2838dbe7f85c2a78.jpg"
	}
}