separate rules to submodule (#304)

* rm: rules

* Add: hayabusa-rules to submodule

rules/sigma/powershell/powershell_module/powershell_decompress_commands.yml

@@ -1,30 +0,0 @@
-
-title: PowerShell Decompress Commands
-author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
-date: 2020/05/02
-description: A General detection for specific decompress commands in PowerShell logs.
-  This could be an adversary decompressing files.
-detection:
-  SELECTION_1:
-    Payload: '*Expand-Archive*'
-  condition: SELECTION_1
-falsepositives:
-- unknown
-id: 1ddc1472-8e52-4f7d-9f11-eab14fc171f5
-level: informational
-logsource:
-  category: ps_module
-  definition: PowerShell Module Logging must be enabled
-  product: windows
-modified: 2021/10/16
-references:
-- https://github.com/OTRF/detection-hackathon-apt29/issues/8
-- https://threathunterplaybook.com/evals/apt29/detections/4.A.3_09F29912-8E93-461E-9E89-3F06F6763383.html
-related:
-- id: 81fbdce6-ee49-485a-908d-1a728c5dcb09
-  type: derived
-status: experimental
-tags:
-- attack.defense_evasion
-- attack.t1140
-ruletype: SIGMA