[
  {
    "instruction": "Answer in Yes or No.\n\nQuestion: Is campaign C0026 (C0010) accurately described in the following description:\n\nC0010 was a cyber espionage campaign conducted by UNC3890 that targeted Israeli shipping, government, aviation, energy, and healthcare organizations. Security researchers assess UNC3890 conducts operations in support of Iranian interests, and noted several limited technical connections to Iran, including PDB strings and Farsi language artifacts. C0010 began by at least late 2020, and was still ongoing as of mid-2022.",
    "context": "",
    "output": "No",
    "category": "MitreFlan",
    "instruction_type": "mitre_yes_no_description_campaign",
    "parsed_raw_data": {
      "question": "Is campaign C0026 (C0010) accurately described in the following description:\n\nC0010 was a cyber espionage campaign conducted by UNC3890 that targeted Israeli shipping, government, aviation, energy, and healthcare organizations. Security researchers assess UNC3890 conducts operations in support of Iranian interests, and noted several limited technical connections to Iran, including PDB strings and Farsi language artifacts. C0010 began by at least late 2020, and was still ongoing as of mid-2022.",
      "yes/no": "No",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_yes_no_description_campaign"
    }
  },
  {
    "instruction": "Q: You are given the following description:\nDescription - C0032 was an extended campaign suspected to involve the Triton adversaries with related capabilities and techniques focused on gaining a foothold within IT environments. This campaign occurred in 2019 and was distinctly different from the Triton Safety Instrumented System Attack.\n\nIs the following description related to campaign C0032 (C0032).\n\nProvide your answer in Yes or No.",
    "context": "",
    "output": "Yes",
    "category": "MitreFlan",
    "instruction_type": "mitre_yes_no_description_campaign",
    "parsed_raw_data": {
      "question": "You are given the following description:\nDescription - C0032 was an extended campaign suspected to involve the Triton adversaries with related capabilities and techniques focused on gaining a foothold within IT environments. This campaign occurred in 2019 and was distinctly different from the Triton Safety Instrumented System Attack.\n\nIs the following description related to campaign C0032 (C0032)",
      "yes/no": "Yes",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_yes_no_description_campaign"
    }
  },
  {
    "instruction": "Q: Is campaign Night Dragon (C0002) accurately described in the following description:\n\nNight Dragon was a cyber espionage campaign that targeted oil, energy, and petrochemical companies, along with individuals and executives in Kazakhstan, Taiwan, Greece, and the United States. The unidentified threat actors searched for information related to oil and gas field production systems, financials, and collected data from SCADA systems. Based on the observed techniques, tools, and network activities, security researchers assessed the campaign involved a threat group based in China.\n\nProvide your answer in Yes or No.",
    "context": "",
    "output": "Yes",
    "category": "MitreFlan",
    "instruction_type": "mitre_yes_no_description_campaign",
    "parsed_raw_data": {
      "question": "Is campaign Night Dragon (C0002) accurately described in the following description:\n\nNight Dragon was a cyber espionage campaign that targeted oil, energy, and petrochemical companies, along with individuals and executives in Kazakhstan, Taiwan, Greece, and the United States. The unidentified threat actors searched for information related to oil and gas field production systems, financials, and collected data from SCADA systems. Based on the observed techniques, tools, and network activities, security researchers assessed the campaign involved a threat group based in China.",
      "yes/no": "Yes",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_yes_no_description_campaign"
    }
  },
  {
    "instruction": "Q: You are given the following description:\nDescription - Triton Safety Instrumented System Attack was a campaign employed by TEMP.Veles which leveraged the Triton malware framework against a petrochemical organization. The malware and techniques used within this campaign targeted specific Triconex Safety Controllers within the environment. The incident was eventually discovered due to a safety trip that occurred as a result of an issue in the malware.\n\nIs the following description related to campaign Triton Safety Instrumented System Attack (C0030).\n\nProvide your answer in Yes or No.",
    "context": "",
    "output": "Yes",
    "category": "MitreFlan",
    "instruction_type": "mitre_yes_no_description_campaign",
    "parsed_raw_data": {
      "question": "You are given the following description:\nDescription - Triton Safety Instrumented System Attack was a campaign employed by TEMP.Veles which leveraged the Triton malware framework against a petrochemical organization. The malware and techniques used within this campaign targeted specific Triconex Safety Controllers within the environment. The incident was eventually discovered due to a safety trip that occurred as a result of an issue in the malware.\n\nIs the following description related to campaign Triton Safety Instrumented System Attack (C0030)",
      "yes/no": "Yes",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_yes_no_description_campaign"
    }
  },
  {
    "instruction": "Q: You are given the following description:\nDescription - Operation Sharpshooter was a global cyber espionage campaign that targeted nuclear, defense, government, energy, and financial companies, with many located in Germany, Turkey, the United Kingdom, and the United States. Security researchers noted the campaign shared many similarities with previous Lazarus Group operations, including fake job recruitment lures and shared malware code.\n\nIs the following description related to campaign C0021 (C0013).\n\nProvide your answer in Yes or No.",
    "context": "",
    "output": "No.\nThe provided context is related to Operation Sharpshooter",
    "category": "MitreFlan",
    "instruction_type": "mitre_yes_no_description_campaign",
    "parsed_raw_data": {
      "question": "You are given the following description:\nDescription - Operation Sharpshooter was a global cyber espionage campaign that targeted nuclear, defense, government, energy, and financial companies, with many located in Germany, Turkey, the United Kingdom, and the United States. Security researchers noted the campaign shared many similarities with previous Lazarus Group operations, including fake job recruitment lures and shared malware code.\n\nIs the following description related to campaign C0021 (C0013)",
      "yes/no": "No.\nThe provided context is related to Operation Sharpshooter",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_yes_no_description_campaign"
    }
  },
  {
    "instruction": "Q: You are given the following description:\nDescription - The SolarWinds Compromise was a sophisticated supply chain cyber operation conducted by APT29 that was discovered in mid-December 2020. APT29 used customized malware to inject malicious code into the SolarWinds Orion software build process that was later distributed through a normal software update; they also used password spraying, token theft, API abuse, spear phishing, and other supply chain attacks to compromise user accounts and leverage their associated access. Victims of this campaign included government, consulting, technology, telecom, and other organizations in North America, Europe, Asia, and the Middle East. Industry reporting initially referred to the actors involved in this campaign as UNC2452, NOBELIUM, StellarParticle, Dark Halo, and SolarStorm. \n\nIn April 2021, the US and UK governments attributed the SolarWinds Compromise to Russia's Foreign Intelligence Service (SVR); public statements included citations to APT29, Cozy Bear, and The Dukes. The US government assessed that of the approximately 18,000 affected public and private sector customers of Solar Winds\u2019 Orion product, a much smaller number were compromised by follow-on APT29 activity on their systems.\n\nIs the following description related to campaign SolarWinds Compromise (C0024).\n\nProvide your answer in Yes or No.",
    "context": "",
    "output": "Yes",
    "category": "MitreFlan",
    "instruction_type": "mitre_yes_no_description_campaign",
    "parsed_raw_data": {
      "question": "You are given the following description:\nDescription - The SolarWinds Compromise was a sophisticated supply chain cyber operation conducted by APT29 that was discovered in mid-December 2020. APT29 used customized malware to inject malicious code into the SolarWinds Orion software build process that was later distributed through a normal software update; they also used password spraying, token theft, API abuse, spear phishing, and other supply chain attacks to compromise user accounts and leverage their associated access. Victims of this campaign included government, consulting, technology, telecom, and other organizations in North America, Europe, Asia, and the Middle East. Industry reporting initially referred to the actors involved in this campaign as UNC2452, NOBELIUM, StellarParticle, Dark Halo, and SolarStorm. \n\nIn April 2021, the US and UK governments attributed the SolarWinds Compromise to Russia's Foreign Intelligence Service (SVR); public statements included citations to APT29, Cozy Bear, and The Dukes. The US government assessed that of the approximately 18,000 affected public and private sector customers of Solar Winds\u2019 Orion product, a much smaller number were compromised by follow-on APT29 activity on their systems.\n\nIs the following description related to campaign SolarWinds Compromise (C0024)",
      "yes/no": "Yes",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_yes_no_description_campaign"
    }
  },
  {
    "instruction": "Q: Is campaign C0033 (C0001) accurately described in the following description:\n\nFrankenstein was described by security researchers as a highly-targeted campaign conducted by moderately sophisticated and highly resourceful threat actors in early 2019. The unidentified actors primarily relied on open source tools, including Empire. The campaign name refers to the actors' ability to piece together several unrelated open-source tool components.\n\nProvide your answer in Yes or No.",
    "context": "",
    "output": "No.\nThe provided context is related to Frankenstein",
    "category": "MitreFlan",
    "instruction_type": "mitre_yes_no_description_campaign",
    "parsed_raw_data": {
      "question": "Is campaign C0033 (C0001) accurately described in the following description:\n\nFrankenstein was described by security researchers as a highly-targeted campaign conducted by moderately sophisticated and highly resourceful threat actors in early 2019. The unidentified actors primarily relied on open source tools, including Empire. The campaign name refers to the actors' ability to piece together several unrelated open-source tool components.",
      "yes/no": "No.\nThe provided context is related to Frankenstein",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_yes_no_description_campaign"
    }
  },
  {
    "instruction": "Q: Is campaign FunnyDream (C0007) accurately described in the following description:\n\nFunnyDream was a suspected Chinese cyber espionage campaign that targeted government and foreign organizations in Malaysia, the Philippines, Taiwan, Vietnam, and other parts of Southeast Asia. Security researchers linked the FunnyDream campaign to possible Chinese-speaking threat actors through the use of the Chinoxy backdoor and noted infrastructure overlap with the TAG-16 threat group.\n\nProvide your answer in Yes or No.",
    "context": "",
    "output": "Yes",
    "category": "MitreFlan",
    "instruction_type": "mitre_yes_no_description_campaign",
    "parsed_raw_data": {
      "question": "Is campaign FunnyDream (C0007) accurately described in the following description:\n\nFunnyDream was a suspected Chinese cyber espionage campaign that targeted government and foreign organizations in Malaysia, the Philippines, Taiwan, Vietnam, and other parts of Southeast Asia. Security researchers linked the FunnyDream campaign to possible Chinese-speaking threat actors through the use of the Chinoxy backdoor and noted infrastructure overlap with the TAG-16 threat group.",
      "yes/no": "Yes",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_yes_no_description_campaign"
    }
  },
  {
    "instruction": "Answer in Yes or No.\n\nQuestion: Is campaign Night Dragon (C0011) accurately described in the following description:\n\nC0011 was a suspected cyber espionage campaign conducted by Transparent Tribe that targeted students at universities and colleges in India. Security researchers noted this campaign against students was a significant shift from Transparent Tribe's historic targeting Indian government, military, and think tank personnel, and assessed it was still ongoing as of July 2022.",
    "context": "",
    "output": "No.\nThe provided context is related to C0011",
    "category": "MitreFlan",
    "instruction_type": "mitre_yes_no_description_campaign",
    "parsed_raw_data": {
      "question": "Is campaign Night Dragon (C0011) accurately described in the following description:\n\nC0011 was a suspected cyber espionage campaign conducted by Transparent Tribe that targeted students at universities and colleges in India. Security researchers noted this campaign against students was a significant shift from Transparent Tribe's historic targeting Indian government, military, and think tank personnel, and assessed it was still ongoing as of July 2022.",
      "yes/no": "No.\nThe provided context is related to C0011",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_yes_no_description_campaign"
    }
  },
  {
    "instruction": "Q: Is campaign C0027 (C0023) accurately described in the following description:\n\nOperation Ghost was an APT29 campaign starting in 2013 that included operations against ministries of foreign affairs in Europe and the Washington, D.C. embassy of a European Union country. During Operation Ghost, APT29 used new families of malware and leveraged web services, steganography, and unique C2 infrastructure for each victim.\n\nProvide your answer in Yes or No.",
    "context": "",
    "output": "No",
    "category": "MitreFlan",
    "instruction_type": "mitre_yes_no_description_campaign",
    "parsed_raw_data": {
      "question": "Is campaign C0027 (C0023) accurately described in the following description:\n\nOperation Ghost was an APT29 campaign starting in 2013 that included operations against ministries of foreign affairs in Europe and the Washington, D.C. embassy of a European Union country. During Operation Ghost, APT29 used new families of malware and leveraged web services, steganography, and unique C2 infrastructure for each victim.",
      "yes/no": "No",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_yes_no_description_campaign"
    }
  }
]