diff --git a/datasets/attack_techniques/T1212/zerologon/zerologon.log b/datasets/attack_techniques/T1212/zerologon/zerologon.log
new file mode 100644
index 00000000..424f756c
--- /dev/null
+++ b/datasets/attack_techniques/T1212/zerologon/zerologon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7c768652ebe630783e30adb59b19568c88f4754f8e5c8e72c1d7b5ea8d4f2c41
+size 14783
diff --git a/datasets/attack_techniques/T1212/zerologon/zerologon.yml b/datasets/attack_techniques/T1212/zerologon/zerologon.yml
new file mode 100644
index 00000000..d0120701
--- /dev/null
+++ b/datasets/attack_techniques/T1212/zerologon/zerologon.yml
@@ -0,0 +1,12 @@
+author: Nasreddine Bencherchali
+id: 694e402a-dcab-4608-bcbf-7cd7c1a18391
+date: '2026-03-18'
+description: Zerologon attack samples from EVTX-ATTACK-SAMPLES
+environment: custom
+mitre_technique:
+- T1212
+datasets:
+- name: zerologon-logs
+ source: XmlWinEventLog:Security
+ sourcetype: XmlWinEventLog
+ path: /datasets/attack_techniques/T1212/zerologon/zerologon.log
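Review bot: The `description` in zerologon.yml names EVTX-ATTACK-SAMPLES as the origin but does not say which upstream sample file was used, so the log behind the LFS pointer cannot be traced back or regenerated by someone validating a detection against it. I would extend it along the lines of `description: Zerologon attack samples from EVTX-ATTACK-SAMPLES (<upstream sample file name>), converted to XML Security events`, with the placeholder filled in by the author; the conversion wording is inferred from the `XmlWinEventLog:Security` source. It would also help to state which Security event IDs the log contains, since a detection author needs that before wiring the dataset into a test.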