{
	"id": "7f273577-f7a8-4012-a2ba-ff1d1d7d0e6e",
	"created_at": "2026-04-06T00:08:34.408465Z",
	"updated_at": "2026-04-10T13:12:25.380128Z",
	"deleted_at": null,
	"sha1_hash": "f18a3e78efe5b964567a38adeca904a4f1fe523a",
	"title": "SPC-3 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 32290,
	"plain_text": "SPC-3 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 12:41:44 UTC\r\nMobile Threat Catalogue\r\nContribute\r\nThreat Category: Supply Chain\r\nID: SPC-3\r\nThreat Description: An adversary with access to software processes and tools within the development or\r\nsoftware support environment can insert malicious software into components during development or\r\nupdate/maintenance.1\r\nThreat Origin\r\nSupply Chain Attack Framework and Attack Patterns 1\r\nSymantec Internet Security Threat Report 2016 2\r\nExploit Examples\r\nXcodeGhost distributed a malicious version of Xcode (Apple’’s developer tools) that automatically includes\r\nmalicious code in compiled iOS apps.\r\nCVE Examples\r\nPossible Countermeasures\r\nMobile App Developer\r\nApp developers should ensure that development tools are obtained from a trusted source (e.g. directly from the\r\nvendor).\r\nEnterprise\r\nOnly software digitally signed by a trusted developer should be used, and the integrity of software development\r\ninstallation packages should be verified prior to installation\r\nObtained software should be installed onto target operating systems in a known-good state (fresh install from\r\nverified installation media) in a test environment, which is then evaluated for any indicators of compromise prior\r\nto authorization of production use\r\nReferences\r\nhttps://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-3.html\r\nPage 1 of 2\n\nSource: https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-3.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-3.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-3.html"
	],
	"report_names": [
		"SPC-3.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434114,
	"ts_updated_at": 1775826745,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f18a3e78efe5b964567a38adeca904a4f1fe523a.pdf",
		"text": "https://archive.orkl.eu/f18a3e78efe5b964567a38adeca904a4f1fe523a.txt",
		"img": "https://archive.orkl.eu/f18a3e78efe5b964567a38adeca904a4f1fe523a.jpg"
	}
}