[
  {
    "instruction": "Can you please describe the MITRE ATT&CK software: metaMain (S1059)",
    "context": "",
    "output": "Sure! Here is the description: metaMain is a backdoor used by Metador to maintain long-term access to compromised machines; it has also been used to decrypt Mafalda into memory.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_software",
    "parsed_raw_data": {
      "question": "Can you please describe the MITRE ATT&CK software: metaMain (S1059)",
      "answer": "Sure! Here is the description: metaMain is a backdoor used by Metador to maintain long-term access to compromised machines; it has also been used to decrypt Mafalda into memory.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_software"
    }
  },
  {
    "instruction": "Tell me about mitre software: VBShower (S0442)",
    "context": "",
    "output": "Sure! here is the description for mitre software 'VBShower (S0442)':\nVBShower is a backdoor that has been used by Inception since at least 2019. VBShower has been used as a downloader for second stage payloads, including PowerShower.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_software",
    "parsed_raw_data": {
      "question": "Tell me about mitre software: VBShower (S0442)",
      "answer": "Sure! here is the description for mitre software 'VBShower (S0442)':\nVBShower is a backdoor that has been used by Inception since at least 2019. VBShower has been used as a downloader for second stage payloads, including PowerShower.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_software"
    }
  },
  {
    "instruction": "Tell me about MITRE ATT&CK software: PowerDuke - S0139",
    "context": "",
    "output": "Ofcourse. Below is the description for MITRE software 'PowerDuke (S0139)':\nPowerDuke is a backdoor that was used by APT29 in 2016. It has primarily been delivered through Microsoft Word or Excel attachments containing malicious macros.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_software",
    "parsed_raw_data": {
      "question": "Tell me about MITRE ATT&CK software: PowerDuke - S0139",
      "answer": "Ofcourse. Below is the description for MITRE software 'PowerDuke (S0139)':\nPowerDuke is a backdoor that was used by APT29 in 2016. It has primarily been delivered through Microsoft Word or Excel attachments containing malicious macros.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_software"
    }
  },
  {
    "instruction": "Provide a short description for the MITRE ATT&CK software: Rclone (S1040)?",
    "context": "",
    "output": "Sure. Short description for the requested MITRE ATT&CK:\n\nRclone is a command line program for syncing files with cloud storage services such as Dropbox, Google Drive, Amazon S3, and MEGA. Rclone has been used in a number of ransomware campaigns, including those associated with the Conti and DarkSide Ransomware-as-a-Service operations.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_software",
    "parsed_raw_data": {
      "question": "Provide a short description for the MITRE ATT&CK software: Rclone (S1040)",
      "answer": "Sure. Short description for the requested MITRE ATT&CK:\n\nRclone is a command line program for syncing files with cloud storage services such as Dropbox, Google Drive, Amazon S3, and MEGA. Rclone has been used in a number of ransomware campaigns, including those associated with the Conti and DarkSide Ransomware-as-a-Service operations.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_software"
    }
  },
  {
    "instruction": "Can you please describe the software: RawDisk (S0364)",
    "context": "",
    "output": "Certainly. Here is the description: RawDisk is a legitimate commercial driver from the EldoS Corporation that is used for interacting with files, disks, and partitions. The driver allows for direct modification of data on a local computer's hard drive. In some cases, the tool can enact these raw disk modifications from user-mode processes, circumventing Windows operating system security features.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_software",
    "parsed_raw_data": {
      "question": "Can you please describe the software: RawDisk (S0364)",
      "answer": "Certainly. Here is the description: RawDisk is a legitimate commercial driver from the EldoS Corporation that is used for interacting with files, disks, and partitions. The driver allows for direct modification of data on a local computer's hard drive. In some cases, the tool can enact these raw disk modifications from user-mode processes, circumventing Windows operating system security features.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_software"
    }
  },
  {
    "instruction": "Describe the following software - Hydraq (S0203)",
    "context": "",
    "output": "Description: Hydraq is a data-theft trojan first used by Elderwood in the 2009 Google intrusion known as Operation Aurora, though variations of this trojan have been used in more recent campaigns by other Chinese actors, possibly including APT17.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_software",
    "parsed_raw_data": {
      "question": "Describe the following software - Hydraq (S0203)",
      "answer": "Description: Hydraq is a data-theft trojan first used by Elderwood in the 2009 Google intrusion known as Operation Aurora, though variations of this trojan have been used in more recent campaigns by other Chinese actors, possibly including APT17.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_software"
    }
  },
  {
    "instruction": "Can you please describe the MITRE ATT&CK software: 'Net (S0039)'",
    "context": "",
    "output": "Indeed. Description for MITRE ATT&CK software 'Net (S0039)':\n\nThe Net utility is a component of the Windows operating system. It is used in command-line operations for control of users, groups, services, and network connections. \n\nNet has a great deal of functionality,  much of which is useful for an adversary, such as gathering system and network information for Discovery, moving laterally through SMB/Windows Admin Shares using <code>net use</code> commands, and interacting with services. The net1.exe utility is executed for certain functionality when net.exe is run and can be used directly in commands such as <code>net1 user</code>.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_software",
    "parsed_raw_data": {
      "question": "Can you please describe the MITRE ATT&CK software: 'Net (S0039)'",
      "answer": "Indeed. Description for MITRE ATT&CK software 'Net (S0039)':\n\nThe Net utility is a component of the Windows operating system. It is used in command-line operations for control of users, groups, services, and network connections. \n\nNet has a great deal of functionality,  much of which is useful for an adversary, such as gathering system and network information for Discovery, moving laterally through SMB/Windows Admin Shares using <code>net use</code> commands, and interacting with services. The net1.exe utility is executed for certain functionality when net.exe is run and can be used directly in commands such as <code>net1 user</code>.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_software"
    }
  },
  {
    "instruction": "Can you please describe the MITRE ATT&CK software: SharpStage (S0546)",
    "context": "",
    "output": "Sure! Here is the description: SharpStage is a .NET malware with backdoor capabilities.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_software",
    "parsed_raw_data": {
      "question": "Can you please describe the MITRE ATT&CK software: SharpStage (S0546)",
      "answer": "Sure! Here is the description: SharpStage is a .NET malware with backdoor capabilities.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_software"
    }
  },
  {
    "instruction": "Can you please describe the software: Ursnif (S0386)",
    "context": "",
    "output": "Certainly. Here is the description: Ursnif is a banking trojan and variant of the Gozi malware observed being spread through various automated exploit kits, Spearphishing Attachments, and malicious links. Ursnif is associated primarily with data theft, but variants also include components (backdoors, spyware, file injectors, etc.) capable of a wide variety of behaviors.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_software",
    "parsed_raw_data": {
      "question": "Can you please describe the software: Ursnif (S0386)",
      "answer": "Certainly. Here is the description: Ursnif is a banking trojan and variant of the Gozi malware observed being spread through various automated exploit kits, Spearphishing Attachments, and malicious links. Ursnif is associated primarily with data theft, but variants also include components (backdoors, spyware, file injectors, etc.) capable of a wide variety of behaviors.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_software"
    }
  },
  {
    "instruction": "Describe the following MITRE software: ABK - S0469?",
    "context": "",
    "output": "Description for the MITRE software ABK (S0469):\nABK is a downloader that has been used by BRONZE BUTLER since at least 2019.",
    "category": "MitreFlan",
    "instruction_type": "mitre_description_software",
    "parsed_raw_data": {
      "question": "Describe the following MITRE software: ABK - S0469",
      "answer": "Description for the MITRE software ABK (S0469):\nABK is a downloader that has been used by BRONZE BUTLER since at least 2019.",
      "category": [
        "MITREFlan"
      ],
      "instruction_type": "mitre_description_software"
    }
  }
]