Effective URL: https://www.trendmicro.com/en_us/research/24/h/godzilla-fileless-backdoors.html?utm_source=trendmicroresearch&utm_medium=sm...
SILENT INTRUSIONS: GODZILLA FILELESS BACKDOORS TARGETING ATLASSIAN CONFLUENCE

Trend Micro discovered that old Atlassian Confluence versions that were affected
by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor.

By: Abdelrahman Esmail, Sunil Bharti August 30, 2024 Read time: 6 min (1739
words)

--------------------------------------------------------------------------------

SUMMARY

 * Trend Micro researchers identified a new attack vector that exploits
   CVE-2023-22527 to deploy an in-memory, fileless backdoor known as the
   Godzilla webshell. CVE-2023-22527 is a vulnerability in older versions of
   Atlassian Confluence Data Center and Server that allows attackers to
   perform remote code execution.
 * In such an attack, a loader is introduced into a compromised Atlassian
   server, subsequently activating the Godzilla webshell.
 * Godzilla is a sophisticated Chinese-language backdoor that uses AES
   encryption for communication and remains in-memory to avoid disk-based
   detection mechanisms.
 * Legacy anti-virus solutions struggle to detect fileless malware, so the
   discovery of this new kind of attack underscores the importance of regularly
   patching servers and using more advanced security solutions.

We observed a new way of weaponizing CVE-2023-22527 that relies on the Godzilla
backdoor. Following initial exploitation, a loader is placed on the victim's
Atlassian server, and that loader in turn loads a Godzilla webshell. On January
16, 2024, Atlassian released a security advisory for CVE-2023-22527, a
vulnerability that affects Confluence Data Center and Confluence Server
products. In response, Trend Micro released its own technical analysis and
coverage of the vulnerability, which has also been associated with
crypto-mining activities.

The vulnerability is rated critical, with a Common Vulnerability Scoring System
(CVSS) score of 10. By exploiting this flaw, an unauthenticated attacker can
trigger a template injection vulnerability in older versions of Confluence Data
Center and Server, enabling remote code execution (RCE) on the affected
instance.

GODZILLA WEBSHELL

Upon analysing the backdoor, we identified it as the Chinese-language Godzilla
in-memory backdoor. This backdoor was developed by a user named “BeichenDream”,
who created it because existing webshells were frequently detected by security
products during red team operations. The author claims that Godzilla avoids
detection by using Advanced Encryption Standard (AES) encryption for its
network traffic and boasts a very low static detection rate across the products
of various security vendors. The idea of a servlet-based, in-memory shell for
Tomcat and other middleware was first proposed by the user “feihong-cs”.

The main issue with fileless malware techniques is that they are extremely
challenging to detect when customers rely on legacy anti-virus, which uses
signature-based methods, sandboxing, whitelisting, or sometimes even machine
learning protection methods.

INITIAL ACCESS

The attack begins with the exploitation of CVE-2023-22527, using
velocity.struts2.context to evaluate an OGNL expression (Figures 1 and 2).

Figure 1. Attack chain
Figure 2. Malicious request for CVE-2023-22527 exploitation
Figure 3. Code snippet of the malicious payload

Diving deep into the malicious payload (Figure 3), we discovered:

 * The attacker uses an OGNL expression to read a parameter called x. The
   parameter's value is JavaScript code, which is evaluated with the help of
   ScriptEngineManager. The attacker likely chains object references because
   of an OGNL restriction: an expression longer than ~200 characters is
   blocked by the struts.ognl.expressionMaxLength setting.
 * In the JavaScript code, the attacker adds the header x_evc_ecneulfnoc to
   confirm that the object has been loaded successfully; the header appears in
   the response (Figure 4).

Figure 4. The response contains the header in case of successful object loading
 * The second part of the JavaScript code has an object called data that
   contains Base64, which is loaded as an anonymous class in memory using
   sun.misc.Unsafe.

MALWARE

After decoding the Base64 value of this anonymous class, we found that the
compiled Java program it contains is called MemGodValueShell.

Figure 5. The MemGodValueShell function

As shown in Figure 5, the MemGodValueShell class has four attributes: uri,
serverName, standardContext, and valveString. These are used to store various
pieces of information during the execution of the class methods.


MemGodValueShell has three methods. The first, getField, uses reflection to
retrieve the value of a private field from an object (Figure 6), traversing the
class hierarchy to find the field.

Figure 6. The getField method

The second method in the class is getStandardContext (Figure 7). This method
attempts to retrieve the StandardContext object by iterating over all threads in
the current thread group. It checks for threads that are part of the
StandardEngine or Acceptor components of Tomcat. It retrieves various internal
fields using reflection to navigate through the server's internal structure.

Figure 7. getStandardContext method

The last and most important method is the class constructor, MemGodValueShell
(Figure 8). The constructor performs several actions:

 1. Loads the Valve class from the current thread's context class loader.
 2. Retrieves the StandardContext object using the getStandardContext method.
 3. Iterates over all threads in the current thread group.
 4. For each thread, if it is not named "exec", the method:

 * Retrieves the target object of the thread
 * Checks if the target object is an instance of Runnable
 * Retrieves the global field from the target object
 * Iterates over the processors and retrieves the request (req) object
 * Retrieves the serverPort, serverNameMB, and decodedUriMB fields from the
   request object
 * Decodes the valveString from Base64 to a byte array
 * Defines a new class using the defineClass method of the ClassLoader
 * Instantiates the new class and adds it as a valve to the pipeline of
   the StandardContext

Figure 8. MemGodValueShell constructor method

For easy troubleshooting, we printed some data, as shown in Figures 9 and 10:

Figure 9. Custom debugging for the MemGodValueShell constructor method
Figure 10. Custom debugging for the MemGodValueShell constructor method

In summary, MemGodValueShell does the following:

 * Reflection Usage – The code heavily uses Java Reflection to access private
   fields and methods of classes
 * Thread Inspection – It inspects threads to find specific ones related to
   Tomcat's StandardEngine and Acceptor
 * Dynamic Class Loading – It dynamically loads and defines a class from a
   Base64-encoded string
 * Valve Injection – It injects a custom valve into the Tomcat pipeline, which
   is intended to provide a backdoor or some form of unauthorized access


For the dynamic class loading, the MemGodValueShell constructor holds a long
Base64-encoded string in the string variable valveString; this string is the
compiled Java class GodzillaValue (Figure 11). After decompiling it, we obtained
the Java code explained below.

Figure 11. Godzilla class

The class GodzillaValue extends ValveBase, indicating that it is a custom Tomcat
valve. It has four fields: xc, pass, md5, and payload. The xc and pass fields
are used for cryptographic operations: xc is the key used for AES128, md5
stores an MD5 hash, and payload stores a dynamically loaded class. The
GodzillaValue class hardcodes the xc string "3c6e0b8a9c15224a" and the pass
string "pass", which are likely used for authentication or encryption.

For the methods, we have the following:

 * md5 – calculates MD5 hash
 * base64Encode – Base64 encode
 * base64Decode – Base64 decode
 * x – AES encryption/decryption method
 * Invoke – the overridden valve method, which handles HTTP requests and
   responses (Figure 12)

Figure 12. Godzilla Invoke method

It seems that the Invoke method waits for the next part of the attack payload,
which would complete the attack cycle. We never received this part in our
honeypots, so this kind of shell stays idle until it receives the payload
class. Based on this, the threat actor may be building their own botnet.

Based on the Godzilla source code analysis in Figure 12, we can infer that the
payload class should look like the following (Figure 13):

Figure 13. Custom sample of the payload class

Based on this assumption, if we send a POST request with the Accept-Language
header “zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2” and a pass
parameter whose value is the Java-compiled payload class encrypted with the xc
key, the payload class should be initialized. We tried this, as shown in Figure
14, and Figure 15 shows that the payload object was loaded successfully.

Figure 14. HTTP request to initialize payload class
Figure 15. Logs which show successfully loading the payload object
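As an added example (not code from the article or from Trend Micro), the indicators this article reports, the exploitation request tokens, the loader's x_evc_ecneulfnoc confirmation header and the payload-initialization POST with the fixed Accept-Language value, applied to constructed request/response records in Go. The event shape, the field names and the three sample records are assumptions; the token strings and the Accept-Language value are the ones quoted above. Matching runs on the URL-decoded request so that percent-encoding does not hide an indicator.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// httpEvent is a minimal view of one request/response pair as a reverse proxy
// or WAF might log it. This shape is an assumption; header keys are lower-case.
type httpEvent struct {
	Method, URI, Body       string
	ReqHeaders, RespHeaders map[string]string
}

// Accept-Language value the article reports on the payload-initialization POST.
const godzillaAcceptLanguage = "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2"

// Tokens the article reports in the exploitation request, keyed lower-case
// because matching runs on the URL-decoded, lower-cased request text.
var requestTokens = map[string]string{
	"velocity.struts2.context": "ognl-via-velocity-context",
	"scriptenginemanager":      "script-engine-evaluation",
	"sun.misc.unsafe":          "in-memory-class-definition",
}

// normalize URL-decodes (keeping the raw text on malformed escapes) and
// lower-cases, so percent-encoding such as %2E cannot hide an indicator.
func normalize(s string) string {
	d, err := url.QueryUnescape(s)
	if err != nil {
		d = s
	}
	return strings.ToLower(d)
}

// classify returns the sorted indicator names an event triggers; an empty
// result means nothing from the chain described in the article was seen.
func classify(ev httpEvent) []string {
	hits := []string{}
	text := normalize(ev.URI) + "\n" + normalize(ev.Body)
	for token, name := range requestTokens {
		if strings.Contains(text, token) {
			hits = append(hits, name)
		}
	}
	// The loader confirms it ran by adding this header to the response.
	if _, ok := ev.RespHeaders["x_evc_ecneulfnoc"]; ok {
		hits = append(hits, "godzilla-loader-response-header")
	}
	// Payload initialization: a POST carrying the fixed Accept-Language value
	// and a pass parameter (the encrypted payload class).
	if ev.Method == "POST" && ev.ReqHeaders["accept-language"] == godzillaAcceptLanguage {
		if v, err := url.ParseQuery(ev.Body); err == nil && v.Get("pass") != "" {
			hits = append(hits, "godzilla-payload-initialization")
		}
	}
	sort.Strings(hits)
	return hits
}

// sampleEvents are constructed for this example, not captures from the
// article; the first body carries only the percent-encoded tokens.
func sampleEvents() []httpEvent {
	return []httpEvent{
		{Method: "POST", URI: "/confluence/example-endpoint",
			Body:        "x=velocity%2Estruts2%2Econtext+ScriptEngineManager+sun%2Emisc%2EUnsafe",
			RespHeaders: map[string]string{"x_evc_ecneulfnoc": "1"}},
		{Method: "POST", URI: "/confluence/",
			Body:       "pass=" + strings.Repeat("A", 64),
			ReqHeaders: map[string]string{"accept-language": godzillaAcceptLanguage}},
		{Method: "GET", URI: "/confluence/pages/viewpage.action?pageId=42",
			ReqHeaders: map[string]string{"accept-language": "en-US,en;q=0.9"}},
	}
}

func main() {
	for i, ev := range sampleEvents() {
		fmt.Printf("event %d %s %s -> %v\n", i, ev.Method, ev.URI, classify(ev))
	}
}
```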

Now we can check whether the shell works. To prepare a command, the encrypted
command should be “AES128(Base64encoded(command))”, with the xc field of the
GodzillaValue class as the AES key (Figure 16).

Figure 16. Command sample

This worked. Going back to the GodzillaValue class, we noticed that the first
and last 16 characters of the result are “md5(pass+xc)”. The command execution
result itself is “AES128(base64encode(result))”, encrypted with the xc key
(Figure 17). Reversing these cryptographic operations gives the plaintext
result (Figure 18).

Figure 17. Command execution sample
Figure 18. Command execution result after decrypting and decoding
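As an added example (not the article's or Godzilla's own code), a Go decoder for the response framing just described: it checks the md5(pass+xc) markers, removes them, AES-128-decrypts with the xc key and Base64-decodes the result. Assumptions not stated in the article: AES in ECB mode with PKCS#5 padding (what javax.crypto applies for "AES/ECB/PKCS5Padding"), and that the AES ciphertext between the markers is carried Base64-encoded; the framed sample is constructed by the block itself rather than taken from a capture.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/md5"
	"encoding/base64"
	"errors"
	"fmt"
)

// Values the article reports from the decompiled GodzillaValue class.
const (
	xc   = "3c6e0b8a9c15224a" // 16 bytes, so AES-128
	pass = "pass"
)

// marker is md5(pass+xc) as hex; its first/last 16 characters frame the response.
func marker() string {
	return fmt.Sprintf("%x", md5.Sum([]byte(pass+xc)))
}

// PKCS#5 padding as javax.crypto applies it for "AES/ECB/PKCS5Padding".
// ECB + PKCS5 is an assumption: the article only says AES128 keyed with xc.
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	n := 0
	if len(b) > 0 {
		n = int(b[len(b)-1])
	}
	if n == 0 || n > aes.BlockSize || n > len(b) ||
		!bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad PKCS#5 padding")
	}
	return b[:len(b)-n], nil
}

// aesECB applies AES block by block; Go's standard library has no ECB helper.
func aesECB(key, in []byte, decrypt bool) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(in)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("aes: bad key or unaligned input (%v)", err)
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += aes.BlockSize {
		if decrypt {
			block.Decrypt(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
		} else {
			block.Encrypt(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
		}
	}
	return out, nil
}

// frameResponse reproduces the framing the article describes, so the decoder
// can be run on a constructed sample. The outer base64 is an assumption (the
// markers are text, AES output is not): m[:16] + b64(AES(b64(result))) + m[16:]
func frameResponse(result []byte) (string, error) {
	inner := base64.StdEncoding.EncodeToString(result)
	ct, err := aesECB([]byte(xc), pkcs7Pad([]byte(inner)), false)
	if err != nil {
		return "", err
	}
	m := marker()
	return m[:16] + base64.StdEncoding.EncodeToString(ct) + m[16:], nil
}

// decodeResponse reverses frameResponse. Both markers are checked first, so a
// response not produced with this pass/xc pair is rejected before decrypting.
func decodeResponse(framed string) ([]byte, error) {
	m := marker()
	if len(framed) < 32 || framed[:16] != m[:16] || framed[len(framed)-16:] != m[16:] {
		return nil, errors.New("md5(pass+xc) markers do not match")
	}
	ct, err := base64.StdEncoding.DecodeString(framed[16 : len(framed)-16])
	if err != nil {
		return nil, err
	}
	padded, err := aesECB([]byte(xc), ct, true)
	if err != nil {
		return nil, err
	}
	inner, err := pkcs7Unpad(padded)
	if err != nil {
		return nil, err
	}
	return base64.StdEncoding.DecodeString(string(inner))
}

func main() {
	// Constructed sample (not a capture from the article): a framed "id" result.
	framed, _ := frameResponse([]byte("uid=1001(confluence) gid=1001(confluence)\n"))
	out, err := decodeResponse(framed)
	fmt.Printf("%s\n%q %v\n", framed, out, err)
}
```

If a real capture does not decode with these settings, the cipher mode or the transport encoding is the first assumption to revisit; the marker check tells you whether the pass/xc pair is even the right one.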

VISION ONE HUNTING QUERIES

Hunting query for commands executed by the Atlassian Java process:

> (eventSubId:2 AND processCmd:atlassian AND parentCmd:atlassian AND
> parentCmd:java AND (objectName:*\\Windows\\System32\\* OR objectName:*bin/*))

CONCLUSION

The CVE-2023-22527 vulnerability continues to be widely exploited by a wide
range of threat actors who abuse it to perform malicious activities, making it
a significant security risk to organizations worldwide. Users of Atlassian
Confluence are advised to patch their servers immediately and mitigate the
risks associated with this attack. Security solutions such as Trend Vision
One™️ can help organizations safeguard their environment from threat actors and
from attacks like the one described here, starting at the initial stages of
the attack.

Trend Vision One™ – Endpoint Security provides protection from any threats that
may target this vulnerability via the following Deep Packet Inspection (DPI)
rule:

 * 1011954 - Atlassian Confluence Data Center and Server Template Injection
   Vulnerability (CVE-2023-22527)

TippingPoint has posted a Customer Shield Writer (CSW) file for this
vulnerability that is available for customers to download on Threat Management
Center (TMC). The applicable rule is as follows:

 * 43721 - HTTP: Atlassian Confluence Data Center and Server Template Injection
   Vulnerability

Trend Micro Cloud One – Workload Security helps defend a variety of environments
such as virtual, physical, cloud, and containers against this threat via this
rule:

 * 1011954 - Atlassian Confluence Data Center and Server Template Injection
   Vulnerability (CVE-2023-22527)

Trend Micro Deep Discovery Inspector customers are protected with the following
rule:

 * DDI RULE 4990 - CVE-2023-22527 - Atlassian OGNL Injection Exploit - HTTP
   (Request)

INDICATORS OF COMPROMISE (IOC)

Hash                                      Detection
dfeccdc0c1d28f1afd64a7bb328754d07eead10c  TROJ_FRS.VSNTH724
2cb94ce0b147303b7beb91f034d0dc7fa734dbcb  Backdoor.JS.WEBSHELL.VSNW08H24

MITRE ATT&CK TECHNIQUES

Tactic               Technique                                                        Technique ID
Initial Access       Exploit Public-Facing Application                                T1190
Execution            Command and Scripting Interpreter: Unix Shell                    T1059.004
Defense Evasion      Obfuscated Files or Information: Encrypted/Encoded File          T1027.013
                     Reflective Code Loading                                          T1620
                     Obfuscated Files or Information: Embedded Payloads               T1027.009
                     Process Injection: Thread Execution Hijacking                    T1055.003
                     Deobfuscate/Decode Files or Information                          T1140
Command and Control  Encrypted Channel: Symmetric Cryptography                        T1573.001
Persistence          Server Software Component: Web Shell                             T1505.003
Exfiltration         Exfiltration Over Alternative Protocol: Exfiltration Over        T1048.001
                     Symmetric Encrypted Non-C2 Protocol

Tags
Malware | Articles, News, Reports | Research


AUTHORS

 * Abdelrahman Esmail
   
   Sr. Engineer

 * Sunil Bharti
   
   Senior Threat Researcher

Copyright ©2024 Trend Micro Incorporated. All rights reserved