Restore Object
Definition
Restoring an object for an entity to access. This is the broadest class for object restoral.
Artifact Relationships:
This defensive technique is related to specific artifacts.
Technique Subclasses
There are 7 techniques in this category, Restore Object.
| Name | ID | Definition | Synonyms |
|---|---|---|---|
| Restore Object | D3-RO | Restoring an object for an entity to access. This is the broadest class for object restoral. | |
| - Restore Software | D3-RS | Restoring software to a host. | |
| - Restore Configuration | D3-RC | Restoring a software configuration. | |
| - Restore Database | D3-RD | Restoring the data in a database. | |
| - Restore Email | D3-RE | Restoring an email for an entity to access. | |
| - Restore Disk Image | D3-RDI | Restoring a previously captured disk image onto a hard drive. | |
| - Restore File | D3-RF | Restoring a file for an entity to access. | |
Related ATT&CK Techniques:
These mappings are inferred, experimental, and will improve as the knowledge graph grows.
These offensive techniques are determined related because of the way this defensive technique,, , , and .
Lateral Movement
- Software Deployment Tools
- Internal Spearphishing

Privilege Escalation
- Abuse Elevation Control Mechanism
- Event Triggered Execution
- Process Injection
- Boot or Logon Autostart Execution
- Access Token Manipulation
- Create or Modify System Process
- Boot or Logon Initialization Scripts
- Hijack Execution Flow
- Scheduled Task/Job
- Domain or Tenant Policy Modification

Command And Control
- Encrypted Channel
- Application Layer Protocol

Impact
- Data Encrypted for Impact
- Data Manipulation
- Inhibit System Recovery

Collection
- Automated Collection
- Data Staged
- Archive Collected Data
- Data from Information Repositories
- Data from Local System
- Input Capture
- Email Collection

Discovery
- System Network Configuration Discovery
- Cloud Service Dashboard
- System Location Discovery
- Software Discovery
- Remote System Discovery
- System Owner/User Discovery
- Cloud Service Discovery
- File and Directory Discovery
- Query Registry
- Group Policy Discovery
- Virtualization/Sandbox Evasion

Persistence
- Office Application Startup
- Event Triggered Execution
- Boot or Logon Autostart Execution
- Create or Modify System Process
- Server Software Component
- Boot or Logon Initialization Scripts
- Hijack Execution Flow
- Modify Authentication Process
- Scheduled Task/Job
- Pre-OS Boot
- Software Extensions
- Compromise Host Software Binary
- Modify Registry

Initial Access
- Phishing
- Supply Chain Compromise

Execution
- Software Deployment Tools
- User Execution
- Command and Scripting Interpreter
- Scheduled Task/Job

Credential Access
- Exploitation for Credential Access
- Unsecured Credentials
- Credentials from Password Stores
- Modify Authentication Process
- OS Credential Dumping
- Forced Authentication
- Input Capture
- Steal or Forge Authentication Certificates

Defense Evasion
- Abuse Elevation Control Mechanism
- Indicator Removal
- Masquerading
- System Binary Proxy Execution
- Process Injection
- Impair Defenses
- Access Token Manipulation
- Obfuscated Files or Information
- Hide Artifacts
- Trusted Developer Utilities Proxy Execution
- Hijack Execution Flow
- Deobfuscate/Decode Files or Information
- Modify Authentication Process
- Modify Cloud Compute Infrastructure
- Rogue Domain Controller
- Rootkit
- Pre-OS Boot
- Modify Cloud Resource Hierarchy
- File and Directory Permissions Modification
- Subvert Trust Controls
- Domain or Tenant Policy Modification
- XSL Script Processing
- Modify Registry
- Virtualization/Sandbox Evasion

Exfiltration
- Exfiltration Over C2 Channel
- Exfiltration Over Alternative Protocol