Rather than being an arbitrary hodgepodge of key-value pairs, the actor configs should be modeled after the MITRE ATT&CK framework.
Primarily, the outer keys should correspond to the tactic categories in ATT&CK.
See: https://attack.mitre.org/matrices/enterprise/
Proposed example actor config:
```yaml
metadata:
  name: arsenalpt
  effectiveness: 70
  count_init_passive_dns: 4
  max_wave_size: 3
  activity_start_date: "2023-06-01"
  activity_end_date: "2023-07-13"
  activity_start_hour: 14
  workday_length_hours: 10
  working_days:
    - Monday
    - Tuesday
    - Wednesday
    - Thursday
    - Friday
reconnaissance:
  recon_search_terms:
    - "research facility"
    - "researchers"
    - "research managers"
    - "radstone research"
    - "government"
    - "projects"
resource_development:
  domain_themes:
    - research
    - management
    - equipment
    - government
    - funding
  tlds:
    - com
  malware:
    - aptrad
initial_access:
  attacks:
    - recon:browsing
    - identity:password_spray
    - watering_hole:phishing
    - watering_hole:malware_delivery
  watering_hole_target_roles:
    - Director of Research
    - Research Scientist
    - Research Assistant
    - Research Coordinator
    - Biostatistician
    - Clinical Research Coordinator
    - Data Manager
    - Lab Technician
    - Research Administrator
    - Postdoctoral Fellow
    - Grant Writer
  watering_hole_domains:
    - lifecarepharmaco.com
  spoofs_email: True
discovery:
  commands:
    - name: cmd.exe
      process: net share
    - name: cmd.exe
      process: cmd.exe /C net group "Domain Admins" /domain
    - name: netstat.exe
      process: netstat -aon
    - name: cmd.exe
      process: cmd.exe /c ping %userdomain%
lateral_movement:
  actions:
    - internal_spearphishing
    - pass_the_hash
    - lateral_tool_transfer
exfiltration:
  commands:
    - name: cmd.exe
      process: net share
    - name: cmd.exe
      process: cmd.exe /C net group "Domain Admins" /domain
  actions:
    - encrypt_file
    - drop_ransom_note
```
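As an added illustration (not part of this proposal or the project's code), here is a dependency-free Python check that enforces the rule above: every outer key other than `metadata` must be one of ATT&CK's 14 Enterprise tactics (spelled in snake_case), with a few sanity checks on the `metadata` block and on `commands` entries. The `EXAMPLE` dict is a constructed excerpt of the config above.

```python
from datetime import date

# The 14 MITRE ATT&CK Enterprise tactics, spelled as snake_case outer keys.
ATTACK_TACTICS = {
    "reconnaissance", "resource_development", "initial_access", "execution",
    "persistence", "privilege_escalation", "defense_evasion", "credential_access",
    "discovery", "lateral_movement", "collection", "command_and_control",
    "exfiltration", "impact",
}
WEEKDAYS = {"Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"}


def validate_actor_config(cfg: dict) -> list:
    """Return a list of problems found; an empty list means the config passes."""
    errors = []
    for key in cfg:  # every outer key except metadata must name an ATT&CK tactic
        if key != "metadata" and key not in ATTACK_TACTICS:
            errors.append(f"unknown outer key {key!r}: not an ATT&CK Enterprise tactic")
    meta = cfg.get("metadata", {})
    eff = meta.get("effectiveness")
    if not isinstance(eff, int) or not 0 <= eff <= 100:
        errors.append("metadata.effectiveness must be an integer 0-100")
    try:
        start = date.fromisoformat(meta["activity_start_date"])
        end = date.fromisoformat(meta["activity_end_date"])
        if end < start:
            errors.append("activity_end_date precedes activity_start_date")
    except (KeyError, TypeError, ValueError):
        errors.append("activity dates must be present and ISO formatted (YYYY-MM-DD)")
    hour, length = meta.get("activity_start_hour", 0), meta.get("workday_length_hours", 0)
    if not (0 <= hour < 24 and 0 < length and hour + length <= 24):
        errors.append("activity window must start in hour 0-23 and end within the same day")
    unknown_days = set(meta.get("working_days", [])) - WEEKDAYS
    if unknown_days:
        errors.append(f"unknown working_days: {sorted(unknown_days)}")
    # Per-tactic command entries need both a process name and a command line.
    for tactic in set(cfg) - {"metadata"}:
        for cmd in (cfg[tactic] or {}).get("commands", []):
            if not {"name", "process"} <= set(cmd):
                errors.append(f"{tactic}.commands entry missing 'name' or 'process'")
    return errors


# Constructed excerpt of the proposed arsenalpt config, as a dict to avoid a YAML dependency.
EXAMPLE = {
    "metadata": {"name": "arsenalpt", "effectiveness": 70, "activity_start_hour": 14,
                 "activity_start_date": "2023-06-01", "activity_end_date": "2023-07-13",
                 "workday_length_hours": 10, "working_days": ["Monday", "Tuesday", "Friday"]},
    "discovery": {"commands": [{"name": "netstat.exe", "process": "netstat -aon"}]},
}
```

The check is on key names only: it will not notice that `encrypt_file` and `drop_ransom_note` describe Impact-tactic behaviour (Data Encrypted for Impact) rather than Exfiltration.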