May 28, 2026
C2 Hosts: 1
CloudEyE
Also known as: GuLoader, vbdropper
CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
C2 Infrastructure
Hosting/VPS 100%
Last 7 days
| Date | C2 Hosts |
|---|---|
| May 28, 2026 | 1 |
Further Reading
New TACTICAL#OCTOPUS Attack Campaign Targets US Entities with Malware Bundled in Tax-Themed Documents opens in a new tab
Stay informed about the TACTICAL#OCTOPUS campaign targeting US victims with tax-themed phishing emails, malware infiltration, and evasion tactics.
securonix.com
How To Guide | Dissecting the new shellcode-based variant of GuLoader (CloudEyE) | Spamhaus Technology opens in a new tab
spamhaus.com
AZORult Delivered by GuLoader | Malware Analysis Spotlight | VMRay opens in a new tab
Read the VMRay Labs Team's analysis of a delivery chain that uses malicious e-mail attachments and GuLoader to spread AZORult
vmray.com
Threat Bulletin: Dissecting GuLoader’s Evasion Techniques - VMRay opens in a new tab
Read the VMRay Labs Team's analysis of GuLoader, a new downloader that uses a combination of techniques that evade sandboxes.
vmray.com