separate rules to submodule (#304)

* rm: rules

* Add: hayabusa-rules to submodule

rules/sigma/powershell/powershell_script/powershell_suspicious_windowstyle.yml

@@ -1,29 +0,0 @@
-
-title: Suspicious PowerShell WindowStyle Option
-author: frack113
-date: 2021/10/20
-description: Adversaries may use hidden windows to conceal malicious activity from
-  the plain sight of users. In some cases, windows that would typically be displayed
-  when an application carries out an operation can be hidden
-detection:
-  SELECTION_1:
-    ScriptBlockText: '*powershell*'
-  SELECTION_2:
-    ScriptBlockText: '*WindowStyle*'
-  SELECTION_3:
-    ScriptBlockText: '*Hidden*'
-  condition: (SELECTION_1 and SELECTION_2 and SELECTION_3)
-falsepositives:
-- Unknown
-id: 313fbb0a-a341-4682-848d-6d6f8c4fab7c
-level: medium
-logsource:
-  category: ps_script
-  product: windows
-references:
-- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1564.003/T1564.003.md
-status: experimental
-tags:
-- attack.defense_evasion
-- attack.t1564.003
-ruletype: SIGMA