SentinelOne
-
Active Node.js Malware Campaign Targeting Manual Reader Applications
We're seeing a significant uptick in a malware campaign that is affecting multiple customers. If you work in a SOC or with EDR platforms, this one is worth knowing about.
The Campaign
Attackers are distributing malicious Node.js payloads disguised as manual reader and document utility applications. The names are designed to look legitimate: AllManualsReader, OpenMyManual, ManualFinder, AppSuitePDF, and OneStart.
Initial distribution appears to be through SEO poisoning: users searching for manuals or document tools find these applications in the search results and download what they believe is a legitimate utility.
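A starting point for hunting this in EDR telemetry, added here as an example and not taken from the post: it runs a couple of heuristics over constructed process-creation events, flagging a Node.js runtime whose path, command line or parent process refers to one of the lure application names, and, at lower confidence, any process whose image path carries a lure name (the downloaded installer itself). The lure names come from the post; the field names, the `node`/`node.exe` binary names, the rules and the sample events are the editor's assumptions, not indicators published for the campaign.

```python
import json
import re

# Lure application names from the post, matched case-insensitively inside
# image paths, command lines and parent image paths.
LURE_NAMES = ("AllManualsReader", "OpenMyManual", "ManualFinder",
              "AppSuitePDF", "OneStart")
LURE_RE = re.compile("|".join(re.escape(n) for n in LURE_NAMES), re.IGNORECASE)

# Node.js runtime binary at the end of an image path (assumed file names).
NODE_RE = re.compile(r"(^|[\\/])node(\.exe)?$", re.IGNORECASE)


def classify(event):
    """Return a rule name for a suspicious process-creation event, else None.

    Rules (editor's assumptions, not published campaign indicators):
      node-lure : a Node.js runtime whose path, command line or parent refers
                  to one of the lure application names
      lure-exec : any other process whose image path refers to a lure name
                  (e.g. the downloaded installer itself)
    """
    image = event.get("image", "")
    fields = " ".join((image, event.get("cmdline", ""),
                       event.get("parent_image", "")))
    if NODE_RE.search(image):
        # Plain Node.js usage by developers is normal; require a lure name.
        return "node-lure" if LURE_RE.search(fields) else None
    if LURE_RE.search(image):
        return "lure-exec"
    return None


def hunt(jsonl):
    """Run classify() over newline-delimited JSON events; return alert dicts."""
    alerts = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        rule = classify(event)
        if rule:
            alerts.append({"rule": rule, "host": event.get("host", "?"),
                           "image": event.get("image", "")})
    return alerts


# Constructed sample telemetry (not real customer data). Backslashes are
# doubled because the events are JSON strings.
SAMPLE_EVENTS = r"""
{"host": "ws01", "image": "C:\\Users\\alice\\AppData\\Local\\AllManualsReader\\node.exe", "parent_image": "C:\\Users\\alice\\Downloads\\AllManualsReader-Setup.exe", "cmdline": "node.exe app.js"}
{"host": "dev02", "image": "C:\\Program Files\\nodejs\\node.exe", "parent_image": "C:\\Program Files\\Microsoft VS Code\\Code.exe", "cmdline": "node.exe server.js"}
{"host": "ws03", "image": "C:\\Users\\bob\\Downloads\\OneStart-installer.exe", "parent_image": "C:\\Windows\\explorer.exe", "cmdline": "OneStart-installer.exe"}
{"host": "ws04", "image": "C:\\Windows\\System32\\notepad.exe", "parent_image": "C:\\Windows\\explorer.exe", "cmdline": "notepad.exe manual.txt"}
"""

if __name__ == "__main__":
    for alert in hunt(SAMPLE_EVENTS):
        print(alert)
```

Short lure names such as OneStart will need tuning against your own baseline before the `lure-exec` rule is worth paging on; the `node-lure` rule is the one to start with, since a Node.js runtime living under a lure-named directory is the part that stands out from ordinary developer use.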
-
SentinelOne Power Query UI
A user interface for SentinelOne query operations to streamline common investigations and hunting workflows.
Features
- Quick query templates
- Saved searches
- Export and sharing
Installation
- Clone the repository
- Follow setup instructions in the README
Usage
Example EDR query (s1):
ProcessName = "powershell.exe" and Tactic = "Execution"
Security Considerations
- No credentials are stored in the client
- Follow the principle of least privilege for any API tokens used by backend components
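One security consideration the list does not mention: a UI with quick query templates interpolates user-chosen values into query strings like the one in the Usage section, and an unescaped value can close the quoted literal and append conditions of its own. The following is an example added here, not the project's code, of quoting values before they reach a template. The escape convention (backslash and double quote) and the tactic allowlist are assumptions made for the example, not documented behaviour of SentinelOne's query language.

```python
import re

# Values a user may pick for the Tactic field (assumed allowlist).
ALLOWED_TACTICS = {"Execution", "Persistence", "Defense Evasion"}
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def quote_value(value: str) -> str:
    """Wrap a user-supplied value in double quotes so it stays one literal.

    Backslash and double quote are escaped (assumed escape convention of the
    query language); control characters are rejected so a newline cannot
    smuggle in a second statement.
    """
    if CONTROL_CHARS.search(value):
        raise ValueError("control character in query value")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_query(template: str, params: dict) -> str:
    """Fill a saved template such as
    'ProcessName = {proc} and Tactic = {tactic}' with quoted values.
    The template is application-controlled; only the values come from the user.
    str.format substitutes the already-quoted strings without re-parsing them.
    """
    quoted = {name: quote_value(str(value)) for name, value in params.items()}
    return template.format(**quoted)


def build_tactic_query(process_name: str, tactic: str) -> str:
    """The Usage-section query as a template, with the tactic allowlisted."""
    if tactic not in ALLOWED_TACTICS:
        raise ValueError(f"unknown tactic: {tactic!r}")
    return build_query("ProcessName = {proc} and Tactic = {tactic}",
                       {"proc": process_name, "tactic": tactic})


if __name__ == "__main__":
    print(build_tactic_query("powershell.exe", "Execution"))
    # An attempt to close the literal and append a second condition stays
    # inside the quotes instead of rewriting the query.
    print(build_tactic_query('powershell.exe" or ProcessName = "cmd.exe', "Execution"))
```

Keep the templates themselves out of user control (a saved search that lets the user edit the template text is just a raw query editor) and prefer allowlists for fields with a small fixed vocabulary, as done for Tactic above, since escaping only protects the quoting, not the meaning of what the user asked for.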
Links