i try to get better at mitre and the framework and i think i got most of it but i have some dificulties regarding Threatmodeling and classifing attackers.
You can sellect certain groups like ATP41 or something but i do not care about a group but i do care about is if the techniques are potential used in a automated or viral attac. if it is used by more basic attacers or if it is only used by “Nation states” how to mape these classes out? So i can build a threat model in att&ck?
for example T1059.001 Scripting interpreters are clearly used by viral and Automated attacks.
Where T1125 video capturing is more likly a manual task and only used by some basic adverary targeting basic people.
Do i miss something?