From bef7936202ddc44a711f4d8f48a1d5e0e7a5e99d Mon Sep 17 00:00:00 2001
From: nasbench <nasreddineb@splunk.com>
Date: Mon, 8 Dec 2025 03:49:55 +0100
Subject: [PATCH] add dataset for react2shell

---
 .../react2shell/react2shell.yml               | 21 +++++++++++++++++++
 .../react2shell/react2shell_linux.log         |  3 +++
 .../react2shell/react2shell_windows.log       |  3 +++
 3 files changed, 27 insertions(+)
 create mode 100644 datasets/emerging_threats/react2shell/react2shell.yml
 create mode 100644 datasets/emerging_threats/react2shell/react2shell_linux.log
 create mode 100644 datasets/emerging_threats/react2shell/react2shell_windows.log

diff --git a/datasets/emerging_threats/react2shell/react2shell.yml b/datasets/emerging_threats/react2shell/react2shell.yml
new file mode 100644
index 00000000..b8e96163
--- /dev/null
+++ b/datasets/emerging_threats/react2shell/react2shell.yml
@@ -0,0 +1,21 @@
+author: Nasreddine Bencherchali, Splunk
+id: f0beed06-629e-4d1e-9dae-b4687c779668
+date: '2025-12-08'
+description: Generated datasets for React2Shell exploitation
+environment: attack_range
+directory: reacr2shell
+mitre_technique:
+- T1059
+- T1059.001
+- T1059.003
+- T1059.004
+- T1190
+datasets:
+- name: react2shell_linux
+  path: /datasets/react2shell/react2shell_linux.log
+  sourcetype: sysmon:linux
+  source: Syslog:Linux-Sysmon/Operational
+- name: react2shell_windows
+  path: /datasets/react2shell/react2shell.log
+  sourcetype: XmlWinEventLog
+  source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
diff --git a/datasets/emerging_threats/react2shell/react2shell_linux.log b/datasets/emerging_threats/react2shell/react2shell_linux.log
new file mode 100644
index 00000000..60e1ee84
--- /dev/null
+++ b/datasets/emerging_threats/react2shell/react2shell_linux.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:52d7ad3faa5e13590da2c8872d9f9ac8d2b3fd645e4a1527fae083a3094f6d1b
+size 1730
diff --git a/datasets/emerging_threats/react2shell/react2shell_windows.log b/datasets/emerging_threats/react2shell/react2shell_windows.log
new file mode 100644
index 00000000..abdaa461
--- /dev/null
+++ b/datasets/emerging_threats/react2shell/react2shell_windows.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8e559322afb698f7bfd2cb440ee24480870567eb81138ccf0266f0fe5185ff78
+size 22825