While it largely duplicates our current rules, I've seen some good hits from this ruleset:
```
MED 3P/threat_hunting/discord/rat/2 references 'Discord-RAT-2.0' tool, by mthcht Advfirewall set allprofiles state off
MED 3P/threat_hunting/file/io references 'file.io' tool, by mthcht https://file.io/
MED 3P/threat_hunting/keylogger references 'keylogger keyword' tool, by mthcht Keylogger
keylogger
MED 3P/threat_hunting/netsh references 'netsh' tool, by mthcht NetSh Advfirewall set allprofiles state off
MED 3P/threat_hunting/powershell references 'powershell' tool, by mthcht Add-MpPreference -ExclusionPath
MED 3P/threat_hunting/pupy references 'pupy' tool, by mthcht Keylogger
MED 3P/threat_hunting/pyinstaller references 'pyinstaller' tool, by mthcht pyinstaller -y -F temp/{fileName}.py
```
I recommend that we scan our malware corpus, and for the threat_hunting hits that aren't covered elsewhere, incorporate them into our rules base so that we can properly prioritize & organize them.
We always downgrade these rules to "medium" - how much CPU time do we waste on them?
I'd argue that if the rules add 3s+ to a bincapz run on a large binary, I'd remove them.
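One way to do the corpus triage suggested above, as an added example that is not bincapz's own code: parse pasted hits in the line shape shown in this issue (an assumed format), then report which 3P/threat_hunting matches no first-party rule already covers on the same binary. The first-party strings are constructed for the demo.

```python
import re

# Line shape as pasted in the issue (assumption about bincapz text output):
#   <RISK> <rule path> references '<name>' tool, by <author> <matched string>
# A following line with no risk prefix is a further matched string of the same hit.
THIRD_PARTY_RE = re.compile(
    r"^(?P<risk>[A-Z]+)\s+(?P<rule>3P/\S+)\s+references '(?P<name>[^']*)' tool, "
    r"by (?P<author>\S+)\s+(?P<match>.+)$"
)

def parse_hits(text):
    """Return a list of (risk, rule, [matched strings]) from pasted bincapz output."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = THIRD_PARTY_RE.match(line)
        if m:
            hits.append((m["risk"], m["rule"], [m["match"].strip()]))
        elif hits:
            hits[-1][2].append(line)  # continuation line: another matched string
    return hits

def uncovered_threat_hunting(third_party_hits, first_party_strings):
    """Map each 3P/threat_hunting rule to the matched strings that no first-party
    rule also hits. A string counts as covered when it contains, or is contained
    in, a first-party match (case-insensitive), so 'Advfirewall set ...' is covered
    by a first-party 'netsh advfirewall set ...' hit."""
    covered = [s.lower() for s in first_party_strings]
    result = {}
    for _risk, rule, matches in third_party_hits:
        if not rule.startswith("3P/threat_hunting/"):
            continue
        gap = [s for s in matches
               if not any(s.lower() in c or c in s.lower() for c in covered)]
        if gap:
            result[rule] = gap
    return result

# Constructed sample: the hits quoted in this issue, pasted verbatim.
SAMPLE = """MED 3P/threat_hunting/discord/rat/2 references 'Discord-RAT-2.0' tool, by mthcht Advfirewall set allprofiles state off
MED 3P/threat_hunting/file/io references 'file.io' tool, by mthcht https://file.io/
MED 3P/threat_hunting/keylogger references 'keylogger keyword' tool, by mthcht Keylogger
keylogger
MED 3P/threat_hunting/netsh references 'netsh' tool, by mthcht NetSh Advfirewall set allprofiles state off
MED 3P/threat_hunting/powershell references 'powershell' tool, by mthcht Add-MpPreference -ExclusionPath
MED 3P/threat_hunting/pupy references 'pupy' tool, by mthcht Keylogger
MED 3P/threat_hunting/pyinstaller references 'pyinstaller' tool, by mthcht pyinstaller -y -F temp/{fileName}.py
"""
# Constructed: strings our own (non-3P) rules already hit on the same binary.
FIRST_PARTY = ["Add-MpPreference -ExclusionPath",
               "netsh advfirewall set allprofiles state off", "keylogger"]

if __name__ == "__main__":
    for rule, strings in uncovered_threat_hunting(parse_hits(SAMPLE), FIRST_PARTY).items():
        print(f"{rule}: not covered by first-party rules: {strings}")
```

Rules that come back empty are the duplicates the comment describes; the ones listed are candidates to fold into the main rule base.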