diff --git a/datasets/attack_techniques/T1574.014/appdomain_hijack_artifacts/appdomain_hijack.log b/datasets/attack_techniques/T1574.014/appdomain_hijack_artifacts/appdomain_hijack.log
new file mode 100644
index 00000000..da0bca26
--- /dev/null
+++ b/datasets/attack_techniques/T1574.014/appdomain_hijack_artifacts/appdomain_hijack.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8580367d05e70eebe9742b2010d5a849fa645ad875b5bc7d2db1a8f057cbc33b
+size 6110
diff --git a/datasets/attack_techniques/T1574.014/appdomain_hijack_artifacts/appdomain_hijack_artifacts.yml b/datasets/attack_techniques/T1574.014/appdomain_hijack_artifacts/appdomain_hijack_artifacts.yml
new file mode 100644
index 00000000..fc5ac4e2
--- /dev/null
+++ b/datasets/attack_techniques/T1574.014/appdomain_hijack_artifacts/appdomain_hijack_artifacts.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 5125e5e0-d046-11f0-8a26-629be3538068
+date: '2025-12-03'
+description: Generated datasets for appdomain hijack artifacts in attack range.
+environment: attack_range
+directory: appdomain_hijack_artifacts
+mitre_technique:
+- T1574.014
+datasets:
+- name: appdomain_hijack.log
+ path: /datasets/attack_techniques/T1574.014/appdomain_hijack_artifacts/appdomain_hijack.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
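Review bot: The `description:` line in appdomain_hijack_artifacts.yml does not say which Sysmon event types the 6110-byte log contains, so a detection author cannot tell from the manifest which T1574.014 artifacts the sample can validate. The log itself is only an LFS pointer in this diff, so the coverage cannot be checked from here. I would extend the line to something like `description: Sysmon <event types captured> generated by an AppDomainManager hijack simulation in attack range.`, with the placeholder filled from the actual log. The file also ends without a trailing newline, which is worth adding for clean diffs on later edits.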