{
	"id": "b7437496-dc0d-4257-92b8-32b2aad3d674",
	"created_at": "2026-04-06T02:12:50.896083Z",
	"updated_at": "2026-04-10T13:12:46.743732Z",
	"deleted_at": null,
	"sha1_hash": "e5bf91d3afcdeb7ec8bed5e99793944040c9c350",
	"title": "SPC-9 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43118,
	"plain_text": "SPC-9 · Mobile Threat Catalogue\r\nArchived: 2026-04-06 01:28:58 UTC\r\nMobile Threat Catalogue\r\nMalicious Code in Custom Software\r\nThreat Category: Supply Chain\r\nID: SPC-9\r\nThreat Description: An adversary with access privileges within the software development environment and to associated tools, including the software unit/component test system and the software configuration management system, can hide malicious code in custom software. [1]\r\nThreat Origin\r\nSupply Chain Attack Framework and Attack Patterns [1]\r\nExploit Examples\r\nNot Applicable\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nEnterprise\r\nRequire test results to be digitally signed by both the testing component and a credential uniquely associated with the test operator to enforce non-repudiation\r\nEnforce strict access control and auditing for software testing systems to enable effective auditing of tests\r\nDesign testing processes such that individuals responsible for testing do not know the destination of a tested component to prevent sabotage of a specific critical function, location, device, or organizational operation\r\nDesign testing processes that use at least two independent testers/processes/tools and compare test results for consistency\r\nFor mission-critical components, randomly test the same component multiple times using different testers/processes/tools and compare test results for consistency\r\nReferences\r\n1. J.F. Miller, “Supply Chain Attack Framework and Attack Patterns”, tech. report, MITRE, Dec. 2013; www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-9.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-9.html"
	],
	"report_names": [
		"SPC-9.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775441570,
	"ts_updated_at": 1775826766,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e5bf91d3afcdeb7ec8bed5e99793944040c9c350.pdf",
		"text": "https://archive.orkl.eu/e5bf91d3afcdeb7ec8bed5e99793944040c9c350.txt",
		"img": "https://archive.orkl.eu/e5bf91d3afcdeb7ec8bed5e99793944040c9c350.jpg"
	}
}