Add: sigma rules (#175)

rules/sigma/windows/malware/av_hacktool.yml

@@ -0,0 +1,30 @@
+
+title: Antivirus Hacktool Detection
+author: Florian Roth
+date: 2021/08/16
+description: Detects a highly relevant Antivirus alert that reports a hack tool or
+  other attack tool
+detection:
+  SELECTION_1:
+    Signature:
+    - HTOOL*
+    - HKTL*
+    - SecurityTool*
+    - ATK/*
+  SELECTION_2:
+    Signature:
+    - '*Hacktool*'
+  condition: (SELECTION_1 or SELECTION_2)
+falsepositives:
+- Unlikely
+fields:
+- FileName
+- User
+id: fa0c05b6-8ad3-468d-8231-c1cbccb64fba
+level: high
+logsource:
+  product: antivirus
+references:
+- https://www.nextron-systems.com/2021/08/16/antivirus-event-analysis-cheat-sheet-v1-8-2/
+tags:
+- attack.execution