Derp.ca

CloudEyE

Also known as: GuLoader, vbdropper

CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.

C2 Infrastructure

Hosting/VPS86%
Business14%

Last 7 days

Apr 16, 2026
C2 Hosts: 3
Apr 15, 2026
C2 Hosts: 1
Apr 14, 2026
C2 Hosts: 1
Apr 13, 2026
C2 Hosts: 3

Further Reading

New TACTICAL#OCTOPUS Attack Campaign Targets US Entities with Malware Bundled in Tax-Themed Documents

Stay informed about the TACTICAL#OCTOPUS campaign targeting US victims with tax-themed phishing emails, malware infiltration, and evasion tactics.

securonix.com
How To Guide | Dissecting the new shellcode-based variant of GuLoader (CloudEyE) | Spamhaus Technology
spamhaus.com
AZORult Delivered by GuLoader | Malware Analysis Spotlight | VMRay

Read the VMRay Labs Team's analysis of a delivery chain that uses malicious e-mail attachments and GuLoader to spread AZORult

vmray.com
Threat Bulletin: Dissecting GuLoader’s Evasion Techniques - VMRay

Read the VMRay Labs Team's analysis of GuLoader, a new downloader that uses a combination of techniques that evade sandboxes.

vmray.com