[
  {
    "instruction": "Which tactic is related to the following procedure description: ShadowPad has deleted arbitrary Registry values.",
    "context": "",
    "output": "The provided description pertains to the Mitre procedure concerning how software ShadowPad employs the technique Indicator Removal (T1070);\nTechnique Indicator Removal (T1070) is a type of tactic Defense Evasion (TA0005);\nTherefore, the given description is related to tactic Defense Evasion (TA0005).",
    "category": "MitreFlan",
    "instruction_type": "cot_procedure_tactic_mapping_CoT",
    "parsed_raw_data": {
      "question": "Which tactic is related to the following procedure description: ShadowPad has deleted arbitrary Registry values.",
      "answer": "The provided description pertains to the Mitre procedure concerning how software ShadowPad employs the technique Indicator Removal (T1070);\nTechnique Indicator Removal (T1070) is a type of tactic Defense Evasion (TA0005);\nTherefore, the given description is related to tactic Defense Evasion (TA0005).",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "cot_procedure_tactic_mapping_CoT"
    }
  },
  {
    "instruction": "Which tactic is related to the following procedure description: GOLD SOUTHFIELD has distributed ransomware by backdooring software installers via a strategic web compromise of the site hosting Italian WinRAR.",
    "context": "",
    "output": "The provided description pertains to the Mitre procedure concerning how group GOLD SOUTHFIELD employs the sub-technique Compromise Software Supply Chain (T1195.002);\nSub technique Compromise Software Supply Chain (T1195.002) is a type of technique Supply Chain Compromise (T1195);\nTechnique Supply Chain Compromise (T1195) is a type of tactic Defense Evasion (TA0005);\nTherefore, the given description is related to tactic Defense Evasion (TA0005).",
    "category": "MitreFlan",
    "instruction_type": "cot_procedure_tactic_mapping_CoT",
    "parsed_raw_data": {
      "question": "Which tactic is related to the following procedure description: GOLD SOUTHFIELD has distributed ransomware by backdooring software installers via a strategic web compromise of the site hosting Italian WinRAR.",
      "answer": "The provided description pertains to the Mitre procedure concerning how group GOLD SOUTHFIELD employs the sub-technique Compromise Software Supply Chain (T1195.002);\nSub technique Compromise Software Supply Chain (T1195.002) is a type of technique Supply Chain Compromise (T1195);\nTechnique Supply Chain Compromise (T1195) is a type of tactic Defense Evasion (TA0005);\nTherefore, the given description is related to tactic Defense Evasion (TA0005).",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "cot_procedure_tactic_mapping_CoT"
    }
  },
  {
    "instruction": "Which tactic is related to the following procedure description: RTM runs its core DLL file using rundll32.exe.?",
    "context": "",
    "output": "The provided description pertains to the Mitre procedure concerning how software RTM employs the sub-technique Rundll32 (T1218.011);\nSub technique Rundll32 (T1218.011) is a type of technique System Binary Proxy Execution (T1218);\nTechnique System Binary Proxy Execution (T1218) is a type of tactic Defense Evasion (TA0005);\nTherefore, the given description is related to tactic Defense Evasion (TA0005).",
    "category": "MitreFlan",
    "instruction_type": "cot_procedure_tactic_mapping_CoT",
    "parsed_raw_data": {
      "question": "Which tactic is related to the following procedure description: RTM runs its core DLL file using rundll32.exe.",
      "answer": "The provided description pertains to the Mitre procedure concerning how software RTM employs the sub-technique Rundll32 (T1218.011);\nSub technique Rundll32 (T1218.011) is a type of technique System Binary Proxy Execution (T1218);\nTechnique System Binary Proxy Execution (T1218) is a type of tactic Defense Evasion (TA0005);\nTherefore, the given description is related to tactic Defense Evasion (TA0005).",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "cot_procedure_tactic_mapping_CoT"
    }
  },
  {
    "instruction": "Which tactic is related to the following procedure description:\nROKRAT can steal credentials stored in Web browsers by querying the sqlite database.",
    "context": "",
    "output": "The provided description pertains to the Mitre procedure involving the application of sub-technique Credentials from Web Browsers (T1555.003) by software ROKRAT;\nSub technique Credentials from Web Browsers (T1555.003) is a type of technique Credentials from Password Stores (T1555);\nTechnique Credentials from Password Stores (T1555) is a type of tactic Credential Access (TA0006);\nTherefore, the given description is related to tactic Credential Access (TA0006).",
    "category": "MitreFlan",
    "instruction_type": "cot_procedure_tactic_mapping_CoT",
    "parsed_raw_data": {
      "question": "Which tactic is related to the following procedure description:\nROKRAT can steal credentials stored in Web browsers by querying the sqlite database.",
      "answer": "The provided description pertains to the Mitre procedure involving the application of sub-technique Credentials from Web Browsers (T1555.003) by software ROKRAT;\nSub technique Credentials from Web Browsers (T1555.003) is a type of technique Credentials from Password Stores (T1555);\nTechnique Credentials from Password Stores (T1555) is a type of tactic Credential Access (TA0006);\nTherefore, the given description is related to tactic Credential Access (TA0006).",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "cot_procedure_tactic_mapping_CoT"
    }
  },
  {
    "instruction": "Which tactic is related to the following procedure description: Clambling has the ability to use Telnet for communication.?",
    "context": "",
    "output": "The provided description pertains to the Mitre procedure concerning how software Clambling employs the technique Application Layer Protocol (T1071);\nTechnique Application Layer Protocol (T1071) is a type of tactic Command and Control (TA0011);\nTherefore, the given description is related to tactic Command and Control (TA0011).",
    "category": "MitreFlan",
    "instruction_type": "cot_procedure_tactic_mapping_CoT",
    "parsed_raw_data": {
      "question": "Which tactic is related to the following procedure description: Clambling has the ability to use Telnet for communication.",
      "answer": "The provided description pertains to the Mitre procedure concerning how software Clambling employs the technique Application Layer Protocol (T1071);\nTechnique Application Layer Protocol (T1071) is a type of tactic Command and Control (TA0011);\nTherefore, the given description is related to tactic Command and Control (TA0011).",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "cot_procedure_tactic_mapping_CoT"
    }
  },
  {
    "instruction": "Which tactic is related to the following procedure description:\nAndariel has hidden malicious executables within PNG files.",
    "context": "",
    "output": "The provided description pertains to the Mitre procedure involving the application of sub-technique Steganography (T1027.003) by group Andariel;\nSub technique Steganography (T1027.003) is a type of technique Obfuscated Files or Information (T1027);\nTechnique Obfuscated Files or Information (T1027) is a type of tactic Defense Evasion (TA0005);\nTherefore, the given description is related to tactic Defense Evasion (TA0005).",
    "category": "MitreFlan",
    "instruction_type": "cot_procedure_tactic_mapping_CoT",
    "parsed_raw_data": {
      "question": "Which tactic is related to the following procedure description:\nAndariel has hidden malicious executables within PNG files.",
      "answer": "The provided description pertains to the Mitre procedure involving the application of sub-technique Steganography (T1027.003) by group Andariel;\nSub technique Steganography (T1027.003) is a type of technique Obfuscated Files or Information (T1027);\nTechnique Obfuscated Files or Information (T1027) is a type of tactic Defense Evasion (TA0005);\nTherefore, the given description is related to tactic Defense Evasion (TA0005).",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "cot_procedure_tactic_mapping_CoT"
    }
  },
  {
    "instruction": "Which tactic is related to the following procedure description: Reaver encrypts some of its files with XOR.?",
    "context": "",
    "output": "The provided description pertains to the Mitre procedure concerning how software Reaver employs the sub-technique Encrypted/Encoded File (T1027.013);\nSub technique Encrypted/Encoded File (T1027.013) is a type of technique Obfuscated Files or Information (T1027);\nTechnique Obfuscated Files or Information (T1027) is a type of tactic Defense Evasion (TA0005);\nTherefore, the given description is related to tactic Defense Evasion (TA0005).",
    "category": "MitreFlan",
    "instruction_type": "cot_procedure_tactic_mapping_CoT",
    "parsed_raw_data": {
      "question": "Which tactic is related to the following procedure description: Reaver encrypts some of its files with XOR.",
      "answer": "The provided description pertains to the Mitre procedure concerning how software Reaver employs the sub-technique Encrypted/Encoded File (T1027.013);\nSub technique Encrypted/Encoded File (T1027.013) is a type of technique Obfuscated Files or Information (T1027);\nTechnique Obfuscated Files or Information (T1027) is a type of tactic Defense Evasion (TA0005);\nTherefore, the given description is related to tactic Defense Evasion (TA0005).",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "cot_procedure_tactic_mapping_CoT"
    }
  },
  {
    "instruction": "Which tactic is related to the following procedure description:\nDragonfly has cleared Windows event logs and other logs produced by tools they used, including system, security, terminal services, remote services, and audit logs. The actors also deleted specific Registry keys.",
    "context": "",
    "output": "The provided description pertains to the Mitre procedure involving the application of sub-technique Clear Windows Event Logs (T1070.001) by group Dragonfly;\nSub technique Clear Windows Event Logs (T1070.001) is a type of technique Indicator Removal (T1070);\nTechnique Indicator Removal (T1070) is a type of tactic Defense Evasion (TA0005);\nTherefore, the given description is related to tactic Defense Evasion (TA0005).",
    "category": "MitreFlan",
    "instruction_type": "cot_procedure_tactic_mapping_CoT",
    "parsed_raw_data": {
      "question": "Which tactic is related to the following procedure description:\nDragonfly has cleared Windows event logs and other logs produced by tools they used, including system, security, terminal services, remote services, and audit logs. The actors also deleted specific Registry keys.",
      "answer": "The provided description pertains to the Mitre procedure involving the application of sub-technique Clear Windows Event Logs (T1070.001) by group Dragonfly;\nSub technique Clear Windows Event Logs (T1070.001) is a type of technique Indicator Removal (T1070);\nTechnique Indicator Removal (T1070) is a type of tactic Defense Evasion (TA0005);\nTherefore, the given description is related to tactic Defense Evasion (TA0005).",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "cot_procedure_tactic_mapping_CoT"
    }
  },
  {
    "instruction": "Which tactic is related to the following procedure description: Ramsay has used base64 to encode its C2 traffic.",
    "context": "",
    "output": "The provided description pertains to the Mitre procedure concerning how software Ramsay employs the sub-technique Standard Encoding (T1132.001);\nSub technique Standard Encoding (T1132.001) is a type of technique Data Encoding (T1132);\nTechnique Data Encoding (T1132) is a type of tactic Command and Control (TA0011);\nTherefore, the given description is related to tactic Command and Control (TA0011).",
    "category": "MitreFlan",
    "instruction_type": "cot_procedure_tactic_mapping_CoT",
    "parsed_raw_data": {
      "question": "Which tactic is related to the following procedure description: Ramsay has used base64 to encode its C2 traffic.",
      "answer": "The provided description pertains to the Mitre procedure concerning how software Ramsay employs the sub-technique Standard Encoding (T1132.001);\nSub technique Standard Encoding (T1132.001) is a type of technique Data Encoding (T1132);\nTechnique Data Encoding (T1132) is a type of tactic Command and Control (TA0011);\nTherefore, the given description is related to tactic Command and Control (TA0011).",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "cot_procedure_tactic_mapping_CoT"
    }
  },
  {
    "instruction": "Which tactic is related to the following procedure description: Conficker has obfuscated its code to prevent its removal from host machines.",
    "context": "",
    "output": "The provided description pertains to the Mitre procedure concerning how software Conficker employs the technique Obfuscated Files or Information (T1027);\nTechnique Obfuscated Files or Information (T1027) is a type of tactic Defense Evasion (TA0005);\nTherefore, the given description is related to tactic Defense Evasion (TA0005).",
    "category": "MitreFlan",
    "instruction_type": "cot_procedure_tactic_mapping_CoT",
    "parsed_raw_data": {
      "question": "Which tactic is related to the following procedure description: Conficker has obfuscated its code to prevent its removal from host machines.",
      "answer": "The provided description pertains to the Mitre procedure concerning how software Conficker employs the technique Obfuscated Files or Information (T1027);\nTechnique Obfuscated Files or Information (T1027) is a type of tactic Defense Evasion (TA0005);\nTherefore, the given description is related to tactic Defense Evasion (TA0005).",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "cot_procedure_tactic_mapping_CoT"
    }
  }
]