APT / THREAT GROUP

CloudEyE

Last seen: Mar 17, 2026

Intelligence Profile

CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs and stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is XORed.

Threat Analysis

CloudEyE is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 4

Also Known As

vbdropper, CloudEyE, GuLoader, win.cloudeye

External Intelligence

Malpedia: win.cloudeye

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.