the same functionality can be implemented by admin scripts, correlate with name and creator

source: <a href=https://github.com/SigmaHQ/sigma/blob/master/rules/windows/powershell/powershell_script/posh_ps_resolve_list_of_ip_from_file.yml>sigma
technicques: t1020

Techniques

Detects PowerShell scripts that have capabilities to read files, loop through them and resolve DNS host entries.

condition: selection
selection:
  ScriptBlockText|contains|all:
  - 'Get-content '
  - foreach
  - '[System.Net.Dns]::GetHostEntry'
  - Out-File