diff --git a/source/threat-hunting/index.md b/source/threat-hunting/index.md index 0e6e561..ff466bf 100644 --- a/source/threat-hunting/index.md +++ b/source/threat-hunting/index.md @@ -2,7 +2,7 @@ title: Splunk Threat Hunting layout: page date: 2025-01-15 -updated: 2025-11-30 +updated: 2025-12-02 --- - [Generate ad_users.csv](ldap-ad-users) @@ -122,6 +122,7 @@ updated: 2025-11-30 - [Unusual printui.exe path](unusual-printui-exe-path) - [User Login with Local Credentials](user-login-with-local-credentials) - [VSCode tunnel](vscode-tunnel) +- [Veeam backup job deleted](veeam-backup-delete) - [Veeam credential extraction](veeam-credential-extraction) - [Volt Typhoon IOC](volt-typhoon-ioc) - [Volume Shadow Copy](volume-shadow-copy) diff --git a/source/threat-hunting/veeam-backup-delete.md b/source/threat-hunting/veeam-backup-delete.md new file mode 100644 index 0000000..d12951f --- /dev/null +++ b/source/threat-hunting/veeam-backup-delete.md @@ -0,0 +1,12 @@ +--- +title: Veeam backup job deleted +layout: page +date: 2025-12-02 +--- + +References: [1](https://thedfirreport.com/2025/11/17/cats-got-your-files-lynx-ransomware/#impact), [2](https://helpcenter.veeam.com/docs/vbr/events/event_23090.html?ver=13) +SPL: + +```spl +index="windows" source="XmlWinEventLog:Veeam-Backup" EventID="23090" +```
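Review bot: In the new veeam-backup-delete.md, the SPL stops at the `EventID="23090"` filter, so the hunt returns raw events and nothing surfaces which host, account or job was involved. Consider ending the search with a `table` or `stats` over the fields an analyst needs to triage, for example `_time` and `host`, plus whatever job and user fields are extracted for this source in your environment. The page body also has no sentence saying what the event represents or why a deleted backup job is worth hunting, so that context lives only behind the two reference links. A one-line description above `SPL:` would make the page usable on its own. Finally, the `References:` line runs straight into `SPL:` with no blank line between them, so Markdown will render both as one paragraph. Add a blank line after the references.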