I like MITRE ATT&CK, but it feels too enterprise-centric and often lacks behaviors usually tied to other scenarios such as home infections. These intrusions are not doing internal lateral movement, but scanning/attacking the internet. Somehow "network service discovery" feels inappropriate for such behavior. #threatintel #mitreattck
@verovaleros While I agree the Enterprise matrix is "enterprise-centric", it looks like most techniques would work. I haven't really thought of a use case to map home infections to the ATT&CK framework, but I think it's possible.
Since you compare internal lateral movement to scanning/attacking the internet, you could also go for "T1584.005 Compromise Infrastructure: Botnet". Maybe a small botnet, but it might be less of a stretch, since the compromise was likely not targeted (so there might be more infected devices under control of the actor) and the infected device is used as a proxy.