AADInternals
MITRE
Malware Type:
Tool
Tool
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[AADInternals](https://attack.mitre.org/software/S0677) is a PowerShell-based framework for administering, enumerating, and exploiting Azure Active Directory. The tool is publicly available on GitHub.(Citation: AADInternals Github)(Citation: AADInternals Documentation)
Associated Techniques (24)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1003.004 | LSA Secrets | - |
| T1048 | Exfiltration Over Alternative Protocol | - |
| T1059.001 | PowerShell | - |
| T1069.003 | Cloud Groups | - |
| T1087.004 | Cloud Account | - |
| T1098.005 | Device Registration | - |
| T1112 | Modify Registry | - |
| T1136.003 | Cloud Account | - |
| T1484.002 | Trust Modification | - |
| T1526 | Cloud Service Discovery | - |
| T1528 | Steal Application Access Token | - |
| T1530 | Data from Cloud Storage | - |
| T1552.001 | Credentials In Files | - |
| T1552.004 | Private Keys | - |
| T1556.006 | Multi-Factor Authentication | - |
Used by Actors (2)
Metadata
| ID: | 711 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |