{
	"id": "cd97499b-a004-46fa-a615-067edcda84ab",
	"created_at": "2026-04-06T00:06:25.703106Z",
	"updated_at": "2026-04-10T03:20:16.355166Z",
	"deleted_at": null,
	"sha1_hash": "750e1cb10f66842c00f7f27b6b93654c8bc35df8",
	"title": "SPC-10 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43327,
	"plain_text": "SPC-10 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 20:45:19 UTC\r\nMobile Threat Catalogue\r\nMalicious Software in 3rd Party Bundling Process\r\nContribute\r\nThreat Category: Supply Chain\r\nID: SPC-10\r\nThreat Description: An adversary with access to 3rd party bundling processes and tools can implant malicious\r\nsoftware in a system during the hardware-software integration phase.1\r\nThreat Origin\r\nSupply Chain Attack Framework and Attack Patterns 1\r\nExploit Examples\r\nNot Applicable\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nEnterprise\r\nTest systems that contain newly integrated or updated software components to detect incorrect function or\r\nanomalous behavior prior to production use\r\nObtain direct from the software developer a list of files changed by the installation or upgrade process, and if\r\npossible, strong cryptographic hashes for file updates that are configuration-independent and should produce\r\nknown values\r\nUse fine-grained role-based access control mechanisms and user/service roles that reduce the potential that\r\nmalicious installation or upgrade packages can introduce malware outside of files and directories allocated to the\r\nassociated software\r\nScan systems with newly integrated or updated software components for indicators of compromise prior to\r\nproduction use\r\nhttps://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-10.html\r\nPage 1 of 2\n\nReferences\r\n1. J.F. Miller, “Supply Chain Attack Framework and Attack Patterns”, tech. report, MITRE, Dec. 2013;\r\nwww.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf ↩ ↩2\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-10.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-10.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-10.html"
	],
	"report_names": [
		"SPC-10.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775433985,
	"ts_updated_at": 1775791216,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/750e1cb10f66842c00f7f27b6b93654c8bc35df8.pdf",
		"text": "https://archive.orkl.eu/750e1cb10f66842c00f7f27b6b93654c8bc35df8.txt",
		"img": "https://archive.orkl.eu/750e1cb10f66842c00f7f27b6b93654c8bc35df8.jpg"
	}
}