[
  {
    "instruction": "Describe the following MITRE ATT&CK campaign - C0015 (C0015)?",
    "context": "",
    "output": "Description of MITRE ATT&CK 'C0015 (C0015)' - C0015 was a ransomware intrusion during which the unidentified attackers used Bazar, Cobalt Strike, and Conti, along with other tools, over a 5 day period. Security researchers assessed the actors likely used the widely-circulated Conti ransomware playbook based on the observed pattern of activity and operator errors.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_campaign",
    "parsed_raw_data": {
      "question": "Describe the following MITRE ATT&CK campaign - C0015 (C0015)",
      "answer": "Description of MITRE ATT&CK 'C0015 (C0015)' - C0015 was a ransomware intrusion during which the unidentified attackers used Bazar, Cobalt Strike, and Conti, along with other tools, over a 5 day period. Security researchers assessed the actors likely used the widely-circulated Conti ransomware playbook based on the observed pattern of activity and operator errors.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_campaign"
    }
  },
  {
    "instruction": "Tell me about MITRE ATT&CK campaign: Operation Wocao - C0014?",
    "context": "",
    "output": "Ofcourse. Below is the description for MITRE campaign 'Operation Wocao (C0014)':\nOperation Wocao was a cyber espionage campaign that targeted organizations around the world, including in Brazil, China, France, Germany, Italy, Mexico, Portugal, Spain, the United Kingdom, and the United States. The suspected China-based actors compromised government organizations and managed service providers, as well as aviation, construction, energy, finance, health care, insurance, offshore engineering, software development, and transportation companies.\n\nSecurity researchers assessed the Operation Wocao actors used similar TTPs and tools as APT20, suggesting a possible overlap. Operation Wocao was named after an observed command line entry by one of the threat actors, possibly out of frustration from losing webshell access.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_campaign",
    "parsed_raw_data": {
      "question": "Tell me about MITRE ATT&CK campaign: Operation Wocao - C0014",
      "answer": "Ofcourse. Below is the description for MITRE campaign 'Operation Wocao (C0014)':\nOperation Wocao was a cyber espionage campaign that targeted organizations around the world, including in Brazil, China, France, Germany, Italy, Mexico, Portugal, Spain, the United Kingdom, and the United States. The suspected China-based actors compromised government organizations and managed service providers, as well as aviation, construction, energy, finance, health care, insurance, offshore engineering, software development, and transportation companies.\n\nSecurity researchers assessed the Operation Wocao actors used similar TTPs and tools as APT20, suggesting a possible overlap. Operation Wocao was named after an observed command line entry by one of the threat actors, possibly out of frustration from losing webshell access.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_campaign"
    }
  },
  {
    "instruction": "Can you please describe the MITRE ATT&CK campaign: 'Operation Spalax (C0005)'",
    "context": "",
    "output": "Indeed. Description for MITRE ATT&CK campaign 'Operation Spalax (C0005)':\n\nOperation Spalax was a campaign that primarily targeted Colombian government organizations and private companies, particularly those associated with the energy and metallurgical industries. The Operation Spalax threat actors distributed commodity malware and tools using generic phishing topics related to COVID-19, banking, and law enforcement action. Security researchers noted indicators of compromise and some infrastructure overlaps with other campaigns dating back to April 2018, including at least one separately attributed to APT-C-36, however identified enough differences to report this as separate, unattributed activity.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_campaign",
    "parsed_raw_data": {
      "question": "Can you please describe the MITRE ATT&CK campaign: 'Operation Spalax (C0005)'",
      "answer": "Indeed. Description for MITRE ATT&CK campaign 'Operation Spalax (C0005)':\n\nOperation Spalax was a campaign that primarily targeted Colombian government organizations and private companies, particularly those associated with the energy and metallurgical industries. The Operation Spalax threat actors distributed commodity malware and tools using generic phishing topics related to COVID-19, banking, and law enforcement action. Security researchers noted indicators of compromise and some infrastructure overlaps with other campaigns dating back to April 2018, including at least one separately attributed to APT-C-36, however identified enough differences to report this as separate, unattributed activity.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_campaign"
    }
  },
  {
    "instruction": "Can you please describe the MITRE ATT&CK campaign: 2022 Ukraine Electric Power Attack (C0034)?",
    "context": "",
    "output": "Sure! Here is the description: The 2022 Ukraine Electric Power Attack was a Sandworm Team campaign that used a combination of GOGETTER, Neo-REGEORG, CaddyWiper, and living of the land (LotL) techniques to gain access to a Ukrainian electric utility to send unauthorized commands from their SCADA system.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_campaign",
    "parsed_raw_data": {
      "question": "Can you please describe the MITRE ATT&CK campaign: 2022 Ukraine Electric Power Attack (C0034)",
      "answer": "Sure! Here is the description: The 2022 Ukraine Electric Power Attack was a Sandworm Team campaign that used a combination of GOGETTER, Neo-REGEORG, CaddyWiper, and living of the land (LotL) techniques to gain access to a Ukrainian electric utility to send unauthorized commands from their SCADA system.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_campaign"
    }
  },
  {
    "instruction": "Describe the MITRE ATT&CK campaign: 2015 Ukraine Electric Power Attack (C0028)",
    "context": "",
    "output": "Below is the description for the MITRE ATT&CK campaign named '2015 Ukraine Electric Power Attack (C0028)':\n2015 Ukraine Electric Power Attack was a Sandworm Team campaign during which they used BlackEnergy (specifically BlackEnergy3) and KillDisk to target and disrupt transmission and distribution substations within the Ukrainian power grid. This campaign was the first major public attack conducted against the Ukrainian power grid by Sandworm Team.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_campaign",
    "parsed_raw_data": {
      "question": "Describe the MITRE ATT&CK campaign: 2015 Ukraine Electric Power Attack (C0028)",
      "answer": "Below is the description for the MITRE ATT&CK campaign named '2015 Ukraine Electric Power Attack (C0028)':\n2015 Ukraine Electric Power Attack was a Sandworm Team campaign during which they used BlackEnergy (specifically BlackEnergy3) and KillDisk to target and disrupt transmission and distribution substations within the Ukrainian power grid. This campaign was the first major public attack conducted against the Ukrainian power grid by Sandworm Team.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_campaign"
    }
  },
  {
    "instruction": "Can you please describe the campaign: Operation Honeybee (C0006)",
    "context": "",
    "output": "Certainly. Here is the description: Operation Honeybee was a campaign that targeted humanitarian aid and inter-Korean affairs organizations from at least late 2017 through early 2018. Operation Honeybee initially targeted South Korea, but expanded to include Vietnam, Singapore, Japan, Indonesia, Argentina, and Canada. Security researchers assessed the threat actors were likely Korean speakers based on metadata used in both lure documents and executables, and named the campaign \"Honeybee\" after the author name discovered in malicious Word documents.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_campaign",
    "parsed_raw_data": {
      "question": "Can you please describe the campaign: Operation Honeybee (C0006)",
      "answer": "Certainly. Here is the description: Operation Honeybee was a campaign that targeted humanitarian aid and inter-Korean affairs organizations from at least late 2017 through early 2018. Operation Honeybee initially targeted South Korea, but expanded to include Vietnam, Singapore, Japan, Indonesia, Argentina, and Canada. Security researchers assessed the threat actors were likely Korean speakers based on metadata used in both lure documents and executables, and named the campaign \"Honeybee\" after the author name discovered in malicious Word documents.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_campaign"
    }
  },
  {
    "instruction": "Describe MITRE campaign 'C0021 (C0021)'?",
    "context": "",
    "output": "Here is the description for campaign 'C0021 (C0021)':\nC0021 was a spearphishing campaign conducted in November 2018 that targeted public sector institutions, non-governmental organizations (NGOs), educational institutions, and private-sector corporations in the oil and gas, chemical, and hospitality industries. The majority of targets were located in the US, particularly in and around Washington D.C., with other targets located in Europe, Hong Kong, India, and Canada. C0021's technical artifacts, tactics, techniques, and procedures (TTPs), and targeting overlap with previous suspected APT29 activity.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_campaign",
    "parsed_raw_data": {
      "question": "Describe MITRE campaign 'C0021 (C0021)'",
      "answer": "Here is the description for campaign 'C0021 (C0021)':\nC0021 was a spearphishing campaign conducted in November 2018 that targeted public sector institutions, non-governmental organizations (NGOs), educational institutions, and private-sector corporations in the oil and gas, chemical, and hospitality industries. The majority of targets were located in the US, particularly in and around Washington D.C., with other targets located in Europe, Hong Kong, India, and Canada. C0021's technical artifacts, tactics, techniques, and procedures (TTPs), and targeting overlap with previous suspected APT29 activity.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_campaign"
    }
  },
  {
    "instruction": "Can you please describe the campaign: C0011 (C0011)",
    "context": "",
    "output": "Certainly. Here is the description: C0011 was a suspected cyber espionage campaign conducted by Transparent Tribe that targeted students at universities and colleges in India. Security researchers noted this campaign against students was a significant shift from Transparent Tribe's historic targeting Indian government, military, and think tank personnel, and assessed it was still ongoing as of July 2022.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_campaign",
    "parsed_raw_data": {
      "question": "Can you please describe the campaign: C0011 (C0011)",
      "answer": "Certainly. Here is the description: C0011 was a suspected cyber espionage campaign conducted by Transparent Tribe that targeted students at universities and colleges in India. Security researchers noted this campaign against students was a significant shift from Transparent Tribe's historic targeting Indian government, military, and think tank personnel, and assessed it was still ongoing as of July 2022.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_campaign"
    }
  },
  {
    "instruction": "Tell me about MITRE ATT&CK campaign: C0032 - C0032",
    "context": "",
    "output": "Ofcourse. Below is the description for MITRE campaign 'C0032 (C0032)':\nC0032 was an extended campaign suspected to involve the Triton adversaries with related capabilities and techniques focused on gaining a foothold within IT environments. This campaign occurred in 2019 and was distinctly different from the Triton Safety Instrumented System Attack.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_campaign",
    "parsed_raw_data": {
      "question": "Tell me about MITRE ATT&CK campaign: C0032 - C0032",
      "answer": "Ofcourse. Below is the description for MITRE campaign 'C0032 (C0032)':\nC0032 was an extended campaign suspected to involve the Triton adversaries with related capabilities and techniques focused on gaining a foothold within IT environments. This campaign occurred in 2019 and was distinctly different from the Triton Safety Instrumented System Attack.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_campaign"
    }
  },
  {
    "instruction": "Tell me about mitre campaign: 2016 Ukraine Electric Power Attack (C0025)?",
    "context": "",
    "output": "Sure! here is the description for mitre campaign '2016 Ukraine Electric Power Attack (C0025)':\n2016 Ukraine Electric Power Attack was a Sandworm Team campaign during which they used Industroyer malware to target and disrupt distribution substations within the Ukrainian power grid. This campaign was the second major public attack conducted against Ukraine by Sandworm Team.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_campaign",
    "parsed_raw_data": {
      "question": "Tell me about mitre campaign: 2016 Ukraine Electric Power Attack (C0025)",
      "answer": "Sure! here is the description for mitre campaign '2016 Ukraine Electric Power Attack (C0025)':\n2016 Ukraine Electric Power Attack was a Sandworm Team campaign during which they used Industroyer malware to target and disrupt distribution substations within the Ukrainian power grid. This campaign was the second major public attack conducted against Ukraine by Sandworm Team.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_campaign"
    }
  }
]