Line Runner

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[Line Runner](https://attack.mitre.org/software/S1188) is a persistent backdoor and web shell allowing threat actors to upload and execute arbitrary Lua scripts. [Line Runner](https://attack.mitre.org/software/S1188) is associated with the [ArcaneDoor](https://attack.mitre.org/campaigns/C0046) campaign.(Citation: CCCS ArcaneDoor 2024)(Citation: Cisco ArcaneDoor 2024)

Associated Techniques (8)

ID	ATT&CK	Tactics
T1027.015	Compression	-
T1041	Exfiltration Over C2 Channel	-
T1059.011	Lua	-
T1070.004	File Deletion	-
T1071.001	Web Protocols	-
T1505.003	Web Shell	-
T1557	Adversary-in-the-Middle	-
T1653	Power Settings	-

Metadata

ID:	279
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00