diff --git a/datasets/attack_techniques/T1218.011/rundll32_random_dll_ext/rundll32_random_dll_ext.yml b/datasets/attack_techniques/T1218.011/rundll32_random_dll_ext/rundll32_random_dll_ext.yml
new file mode 100644
index 00000000..a3c21d29
--- /dev/null
+++ b/datasets/attack_techniques/T1218.011/rundll32_random_dll_ext/rundll32_random_dll_ext.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 6845d30e-29e5-11f1-a458-629be353806a
+date: '2026-03-27'
+description: Generated datasets for rundll32 random dll ext in attack range.
+environment: attack_range
+directory: rundll32_random_dll_ext
+mitre_technique:
+- T1218.011
+datasets:
+- name: rundll32_random_ext.log
+ path: /datasets/attack_techniques/T1218.011/rundll32_random_dll_ext/rundll32_random_ext.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1218.011/rundll32_random_dll_ext/rundll32_random_ext.log b/datasets/attack_techniques/T1218.011/rundll32_random_dll_ext/rundll32_random_ext.log
new file mode 100644
index 00000000..fa955180
--- /dev/null
+++ b/datasets/attack_techniques/T1218.011/rundll32_random_dll_ext/rundll32_random_ext.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:35ff5c023ba0d709145e91fb3623b3563e094fa065c3e5b181b11a0504212d45
+size 5620
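Review bot: The `description` field in the new YAML only restates the directory name, so a detection engineer cannot tell which rundll32 behaviour was simulated or which Sysmon event types the 5620-byte log contains, and the log itself is a Git LFS pointer that cannot be read in this diff. Consider something like `description: Sysmon events from rundll32.exe loading a DLL with a non-.dll file extension (<event IDs captured>), generated in attack range.`, adjusted to what was actually run, since that wording is inferred from the file name only. The log is named `rundll32_random_ext.log` while the directory and the YAML file use `rundll32_random_dll_ext`; aligning the names would make the dataset easier to locate from a detection's test definition. The YAML file also ends without a trailing newline.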