{"description": "Enterprise techniques used by dsquery, ATT&CK software S0105 (v1.4)", "name": "dsquery (S0105)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1087", "showSubtechniques": true}, {"techniqueID": "T1087.002", "comment": "[dsquery](https://attack.mitre.org/software/S0105) can be used to gather information on user accounts within a domain.(Citation: TechNet Dsquery)(Citation: Mandiant APT41)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1482", "comment": "[dsquery](https://attack.mitre.org/software/S0105) can be used to gather information on domain trusts with dsquery * -filter \"(objectClass=trustedDomain)\" -attr *.(Citation: Harmj0y Domain Trusts)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1069", "showSubtechniques": true}, {"techniqueID": "T1069.002", "comment": "[dsquery](https://attack.mitre.org/software/S0105) can be used to gather information on permission groups within a domain.(Citation: TechNet Dsquery)(Citation: Mandiant APT41)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1082", "comment": "[dsquery](https://attack.mitre.org/software/S0105) has the ability to enumerate various information, such as the operating system and host name, for systems within a domain.(Citation: Mandiant APT41)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by dsquery", "color": "#66b1ff"}]}