diff --git a/datasets/attack_techniques/T1125/salat_stealer_ffmpeg/ffmpeg_event.log b/datasets/attack_techniques/T1125/salat_stealer_ffmpeg/ffmpeg_event.log
new file mode 100644
index 00000000..10ac96fc
--- /dev/null
+++ b/datasets/attack_techniques/T1125/salat_stealer_ffmpeg/ffmpeg_event.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5fb7a2ffd73e1c363363d4178785ffc17685af82b70ff3f513582b376e0a9ca7
+size 4741
diff --git a/datasets/attack_techniques/T1125/salat_stealer_ffmpeg/salat_stealer_ffmpeg.yml b/datasets/attack_techniques/T1125/salat_stealer_ffmpeg/salat_stealer_ffmpeg.yml
new file mode 100644
index 00000000..74283699
--- /dev/null
+++ b/datasets/attack_techniques/T1125/salat_stealer_ffmpeg/salat_stealer_ffmpeg.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: eb855e6c-543b-11f1-8233-629be3538068
+date: '2026-05-20'
+description: Generated datasets for salat stealer ffmpeg in attack range.
+environment: attack_range
+directory: salat_stealer_ffmpeg
+mitre_technique:
+- T1125
+datasets:
+- name: ffmpeg_event.log
+ path: /datasets/attack_techniques/T1125/salat_stealer_ffmpeg/ffmpeg_event.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
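Review bot: The `description` in salat_stealer_ffmpeg.yml does not say what the log records, so someone choosing a dataset for a T1125 detection cannot tell which Sysmon events or which ffmpeg behaviour it covers without pulling the LFS object. A line such as `description: Sysmon events from an Attack Range host showing ffmpeg used for video capture during Salat Stealer execution.` would help, adjusted to what the 4741-byte log actually contains. Since the log is a raw Sysmon export, it is also worth confirming that it carries only lab hostnames and accounts before it is published. The file ends without a trailing newline, which should be added.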