diff --git a/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.log b/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.log
new file mode 100644
index 00000000..27a19a39
--- /dev/null
+++ b/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:00816cd9278f3eab0fcb1596d284da35a15dbef9db15a8b4973fac10ebd5dbf3
+size 35886
diff --git a/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml b/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml
new file mode 100644
index 00000000..95462cb4
--- /dev/null
+++ b/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml
@@ -0,0 +1,13 @@
+author: Nasreddine Bencherchali, Splunk
+id: f25b05ae-99d7-4f67-917d-5db3d219fcbb
+date: '2025-10-17'
+description: Dataset generated in attack range for the attack technique of download to pipe execution.
+environment: attack_range
+directory: atomic_red_team
+mitre_technique:
+- T1105
+datasets:
+- name: windows-sysmon_curl_upload
+ path: /datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.log
+ sourcetype: XmlWinEventLog
+ source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
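Review bot: The `datasets` entry in download_to_pipe_exec.yml is named `windows-sysmon_curl_upload`, which does not match the download-to-pipe-execution capture it points at and looks carried over from a different dataset. Detection tests or tooling that select a dataset by `name` could pick up or report the wrong scenario. I would rename it to reflect this capture, for example `- name: windows-sysmon_download_to_pipe_exec`, if that fits the repository's naming scheme. The `description` would also help detection authors more if it named the utilities whose process-creation events the Sysmon log is expected to contain.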