From 07b4f88c806d95eb1a83b68e1be93ab74b88552e Mon Sep 17 00:00:00 2001
From: nasbench
Date: Wed, 18 Mar 2026 01:45:23 +0100
Subject: [PATCH] old but new zerologon
---
.../attack_techniques/T1212/zerologon/zerologon.log | 3 +++
.../attack_techniques/T1212/zerologon/zerologon.yml | 12 ++++++++++++
2 files changed, 15 insertions(+)
create mode 100644 datasets/attack_techniques/T1212/zerologon/zerologon.log
create mode 100644 datasets/attack_techniques/T1212/zerologon/zerologon.yml
diff --git a/datasets/attack_techniques/T1212/zerologon/zerologon.log b/datasets/attack_techniques/T1212/zerologon/zerologon.log
new file mode 100644
index 00000000..424f756c
--- /dev/null
+++ b/datasets/attack_techniques/T1212/zerologon/zerologon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7c768652ebe630783e30adb59b19568c88f4754f8e5c8e72c1d7b5ea8d4f2c41
+size 14783
diff --git a/datasets/attack_techniques/T1212/zerologon/zerologon.yml b/datasets/attack_techniques/T1212/zerologon/zerologon.yml
new file mode 100644
index 00000000..d0120701
--- /dev/null
+++ b/datasets/attack_techniques/T1212/zerologon/zerologon.yml
@@ -0,0 +1,12 @@
+author: Nasreddine Bencherchali
+id: 694e402a-dcab-4608-bcbf-7cd7c1a18391
+date: '2026-03-18'
+description: Zerologon attack samples from EVTX-ATTACK-SAMPLES
+environment: custom
+mitre_technique:
+- T1212
+datasets:
+- name: zerologon-logs
+ source: XmlWinEventLog:Security
+ sourcetype: XmlWinEventLog
+ path: /datasets/attack_techniques/T1212/zerologon/zerologon.log
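Review bot: The `description` in zerologon.yml says only that the samples come from EVTX-ATTACK-SAMPLES, so nothing in the commit ties the LFS object to a specific upstream file or revision, and the log itself cannot be reviewed here because the .log hunk is only an LFS pointer. I would extend it to name the upstream file, its revision and the event IDs present, e.g. `description: Zerologon (Netlogon) exploitation, Security log events <EVENT_IDS>, converted to XML from EVTX-ATTACK-SAMPLES <UPSTREAM_PATH>@<UPSTREAM_COMMIT>`. `environment: custom` may also deserve a second look, since the data appears to be imported from a public sample set rather than captured in the project's own lab. It is also worth confirming that the third-party capture contains no hostnames, account names or SIDs that should be scrubbed before it is published.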