[
  {
    "instruction": "Give the MITRE ATT&CK tactic relevant to the following:\nThe adversary is trying to figure out your environment.\n\nThe tactic consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what\u2019s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.\n\nA. Reconnaissance, B. Credential Access, C. Command and Control, D. Discovery\nAnswer:",
    "context": "",
    "output": "D. Discovery",
    "category": "MitreFlan",
    "instruction_type": "mitre_options_tactic",
    "parsed_raw_data": {
      "question": "Give the MITRE ATT&CK tactic relevant to the following:\nThe adversary is trying to figure out your environment.\n\nThe tactic consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what\u2019s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.",
      "options": "A. Reconnaissance, B. Credential Access, C. Command and Control, D. Discovery",
      "choice": "D. Discovery",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_options_tactic"
    }
  },
  {
    "instruction": "Which MITRE ATT&CK tactic is described in the following:\nThe adversary is trying to manipulate, interrupt, or destroy your systems and data.\n \nThe tactic consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for the tactic can include destroying or tampering with data. In some cases, business processes can look fine, but may have been altered to benefit the adversaries\u2019 goals. These techniques might be used by adversaries to follow through on their end goal or to provide cover for a confidentiality breach.\nA. Resource Development, B. Discovery, C. Impact, D. Collection",
    "context": "",
    "output": "C. Impact",
    "category": "MitreFlan",
    "instruction_type": "mitre_options_tactic",
    "parsed_raw_data": {
      "question": "Which MITRE ATT&CK tactic is described in the following:\nThe adversary is trying to manipulate, interrupt, or destroy your systems and data.\n \nThe tactic consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for the tactic can include destroying or tampering with data. In some cases, business processes can look fine, but may have been altered to benefit the adversaries\u2019 goals. These techniques might be used by adversaries to follow through on their end goal or to provide cover for a confidentiality breach.",
      "options": "A. Resource Development, B. Discovery, C. Impact, D. Collection",
      "choice": "C. Impact",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_options_tactic"
    }
  },
  {
    "instruction": "Q: Which MITRE ATT&CK tactic is described in the following:\nThe adversary is trying to avoid being detected.\n\nThe tactic consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for the tactic include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics\u2019 techniques are cross-listed here when those techniques include the added benefit of subverting defenses.\n\nA. Defense Evasion, B. Impact, C. Privilege Escalation, D. Credential Access\nA:",
    "context": "",
    "output": "A. Defense Evasion",
    "category": "MitreFlan",
    "instruction_type": "mitre_options_tactic",
    "parsed_raw_data": {
      "question": "Which MITRE ATT&CK tactic is described in the following:\nThe adversary is trying to avoid being detected.\n\nThe tactic consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for the tactic include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics\u2019 techniques are cross-listed here when those techniques include the added benefit of subverting defenses.",
      "options": "A. Defense Evasion, B. Impact, C. Privilege Escalation, D. Credential Access",
      "choice": "A. Defense Evasion",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_options_tactic"
    }
  },
  {
    "instruction": "Give the MITRE ATT&CK tactic relevant to the following:\nThe adversary is trying to gain higher-level permissions.\n\nThe tactic consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Examples of elevated access include: \n\n* SYSTEM/root level\n* local administrator\n* user account with admin-like access \n* user accounts with access to specific system or perform specific function\n\nThese techniques often overlap with Persistence techniques, as OS features that let an adversary persist can execute in an elevated context.\n\nPossible answers:\nA. Lateral Movement, B. Reconnaissance, C. Privilege Escalation, D. Impact",
    "context": "",
    "output": "C. Privilege Escalation",
    "category": "MitreFlan",
    "instruction_type": "mitre_options_tactic",
    "parsed_raw_data": {
      "question": "Give the MITRE ATT&CK tactic relevant to the following:\nThe adversary is trying to gain higher-level permissions.\n\nThe tactic consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Examples of elevated access include: \n\n* SYSTEM/root level\n* local administrator\n* user account with admin-like access \n* user accounts with access to specific system or perform specific function\n\nThese techniques often overlap with Persistence techniques, as OS features that let an adversary persist can execute in an elevated context.",
      "options": "A. Lateral Movement, B. Reconnaissance, C. Privilege Escalation, D. Impact",
      "choice": "C. Privilege Escalation",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_options_tactic"
    }
  },
  {
    "instruction": "Question: Give the MITRE ATT&CK tactic relevant to the following:\nThe adversary is trying to steal data.\n\nThe tactic consists of techniques that adversaries may use to steal data from your network. Once they\u2019ve collected data, adversaries often package it to avoid detection while removing it. This can include compression and encryption. Techniques for getting data out of a target network typically include transferring it over their command and control channel or an alternate channel and may also include putting size limits on the transmission.\nA. Defense Evasion, B. Discovery, C. Command and Control, D. Exfiltration\nAnswer:",
    "context": "",
    "output": "D. Exfiltration",
    "category": "MitreFlan",
    "instruction_type": "mitre_options_tactic",
    "parsed_raw_data": {
      "question": "Give the MITRE ATT&CK tactic relevant to the following:\nThe adversary is trying to steal data.\n\nThe tactic consists of techniques that adversaries may use to steal data from your network. Once they\u2019ve collected data, adversaries often package it to avoid detection while removing it. This can include compression and encryption. Techniques for getting data out of a target network typically include transferring it over their command and control channel or an alternate channel and may also include putting size limits on the transmission.",
      "options": "A. Defense Evasion, B. Discovery, C. Command and Control, D. Exfiltration",
      "choice": "D. Exfiltration",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_options_tactic"
    }
  },
  {
    "instruction": "Give the MITRE ATT&CK tactic relevant to the following:\nThe adversary is trying to move through your environment.\n\nThe tactic consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain. Adversaries might install their own remote access tools to accomplish the tactic or use legitimate credentials with native network and operating system tools, which may be stealthier.\n\nPossible answers:\nA. Defense Evasion, B. Lateral Movement, C. Impact, D. Reconnaissance",
    "context": "",
    "output": "B. Lateral Movement",
    "category": "MitreFlan",
    "instruction_type": "mitre_options_tactic",
    "parsed_raw_data": {
      "question": "Give the MITRE ATT&CK tactic relevant to the following:\nThe adversary is trying to move through your environment.\n\nThe tactic consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain. Adversaries might install their own remote access tools to accomplish the tactic or use legitimate credentials with native network and operating system tools, which may be stealthier.",
      "options": "A. Defense Evasion, B. Lateral Movement, C. Impact, D. Reconnaissance",
      "choice": "B. Lateral Movement",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_options_tactic"
    }
  },
  {
    "instruction": "Which MITRE ATT&CK tactic is described in the following:\nThe adversary is trying to get into your network.\n\nThe tactic consists of techniques that use various entry vectors to gain their initial foothold within a network. Techniques used to gain a foothold include targeted spearphishing and exploiting weaknesses on public-facing web servers. Footholds gained through the tactic may allow for continued access, like valid accounts and use of external remote services, or may be limited-use due to changing passwords.\n\nPossible answers:\nA. Discovery, B. Initial Access, C. Lateral Movement, D. Persistence",
    "context": "",
    "output": "B. Initial Access",
    "category": "MitreFlan",
    "instruction_type": "mitre_options_tactic",
    "parsed_raw_data": {
      "question": "Which MITRE ATT&CK tactic is described in the following:\nThe adversary is trying to get into your network.\n\nThe tactic consists of techniques that use various entry vectors to gain their initial foothold within a network. Techniques used to gain a foothold include targeted spearphishing and exploiting weaknesses on public-facing web servers. Footholds gained through the tactic may allow for continued access, like valid accounts and use of external remote services, or may be limited-use due to changing passwords.",
      "options": "A. Discovery, B. Initial Access, C. Lateral Movement, D. Persistence",
      "choice": "B. Initial Access",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_options_tactic"
    }
  },
  {
    "instruction": "Q: Tell me which MITRE tactic is referred to in the following description:\n\nThe adversary is trying to communicate with compromised systems to control them.\n\nThe tactic consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish the tactic with various levels of stealth depending on the victim\u2019s network structure and defenses.\n\nA. Discovery, B. Privilege Escalation, C. Initial Access, D. Command and Control\nA:",
    "context": "",
    "output": "D. Command and Control",
    "category": "MitreFlan",
    "instruction_type": "mitre_options_tactic",
    "parsed_raw_data": {
      "question": "Tell me which MITRE tactic is referred to in the following description:\n\nThe adversary is trying to communicate with compromised systems to control them.\n\nThe tactic consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish the tactic with various levels of stealth depending on the victim\u2019s network structure and defenses.",
      "options": "A. Discovery, B. Privilege Escalation, C. Initial Access, D. Command and Control",
      "choice": "D. Command and Control",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_options_tactic"
    }
  },
  {
    "instruction": "Answer which MITRE tactic is related to the description: The adversary is trying to establish resources they can use to support operations.\n\nThe tactic consists of techniques that involve adversaries creating, purchasing, or compromising/stealing resources that can be used to support targeting. Such resources include infrastructure, accounts, or capabilities. These resources can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using purchased domains to support Command and Control, email accounts for phishing as a part of Initial Access, or stealing code signing certificates to help with Defense Evasion.\nA. Lateral Movement, B. Resource Development, C. Reconnaissance, D. Discovery",
    "context": "",
    "output": "B. Resource Development",
    "category": "MitreFlan",
    "instruction_type": "mitre_options_tactic",
    "parsed_raw_data": {
      "question": "Answer which MITRE tactic is related to the description: The adversary is trying to establish resources they can use to support operations.\n\nThe tactic consists of techniques that involve adversaries creating, purchasing, or compromising/stealing resources that can be used to support targeting. Such resources include infrastructure, accounts, or capabilities. These resources can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using purchased domains to support Command and Control, email accounts for phishing as a part of Initial Access, or stealing code signing certificates to help with Defense Evasion.",
      "options": "A. Lateral Movement, B. Resource Development, C. Reconnaissance, D. Discovery",
      "choice": "B. Resource Development",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_options_tactic"
    }
  },
  {
    "instruction": "Which MITRE ATT&CK tactic is described in the following:\nThe adversary is trying to steal account names and passwords.\n\nThe tactic consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.\n\nA. Resource Development, B. Credential Access, C. Command and Control, D. Execution\nAnswer:",
    "context": "",
    "output": "B. Credential Access",
    "category": "MitreFlan",
    "instruction_type": "mitre_options_tactic",
    "parsed_raw_data": {
      "question": "Which MITRE ATT&CK tactic is described in the following:\nThe adversary is trying to steal account names and passwords.\n\nThe tactic consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.",
      "options": "A. Resource Development, B. Credential Access, C. Command and Control, D. Execution",
      "choice": "B. Credential Access",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_options_tactic"
    }
  }
]