Feature/rm submodule (#312)

* rm: submodule

* Add: rules

* Fix: hayabusa-rules to c9c10a

rules/sigma/deprecated/powershell_suspicious_invocation_generic.yml

@@ -0,0 +1,32 @@
+
+title: Suspicious PowerShell Invocations - Generic
+ruletype: Sigma
+author: Florian Roth (rule)
+date: 2017/03/12
+description: Detects suspicious PowerShell invocation command parameters
+detection:
+  SELECTION_1:
+  - ' -enc '
+  - ' -EncodedCommand '
+  SELECTION_2:
+  - ' -w hidden '
+  - ' -window hidden '
+  - ' -windowstyle hidden '
+  SELECTION_3:
+  - ' -noni '
+  - ' -noninteractive '
+  condition: ((SELECTION_1) and (SELECTION_2) and (SELECTION_3))
+falsepositives:
+- Penetration tests
+- Very special / sneaky PowerShell scripts
+id: 3d304fda-78aa-43ed-975c-d740798a49c1
+level: high
+logsource:
+  product: windows
+  service: powershell
+modified: 2021/12/02
+status: deprecated
+tags:
+- attack.execution
+- attack.t1059.001
+- attack.t1086