separate rules to submodule (#304)

* rm: rules

* Add: hayabusa-rules to submodule

rules/sigma/powershell/powershell_script/powershell_dnscat_execution.yml

@@ -1,26 +0,0 @@
-
-title: Dnscat Execution
-author: Daniil Yugoslavskiy, oscd.community
-date: 2019/10/24
-description: Dnscat exfiltration tool execution
-detection:
-  SELECTION_1:
-    ScriptBlockText: '*Start-Dnscat2*'
-  condition: SELECTION_1
-falsepositives:
-- Legitimate usage of PowerShell Dnscat2 — DNS Exfiltration tool (unlikely)
-id: a6d67db4-6220-436d-8afc-f3842fe05d43
-level: critical
-logsource:
-  category: ps_script
-  definition: Script block logging must be enabled
-  product: windows
-modified: 2021/10/16
-status: experimental
-tags:
-- attack.exfiltration
-- attack.t1048
-- attack.execution
-- attack.t1059.001
-- attack.t1086
-ruletype: SIGMA