APT / THREAT GROUP
CloudEyE
4 aliases
Last seen: Mar 17, 2026
Intelligence Profile
CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs and stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is XOR-encoded.
Threat Analysis
CloudEyE is a threat actor of known sophistication and undetermined national origin. Its primary motivation and activity patterns are unknown.
Quick Facts
Type: APT / Threat Group
Aliases: 4
Also Known As
vbdropper, CloudEyE, GuLoader, win.cloudeye
External Intelligence
Malpedia: win.cloudeye
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.