Merge PR #5132 from @Neo23x0 - Update DNS Query To Remote Access Software Domain From Non-Browser App

update: DNS Query To Remote Access Software Domain From Non-Browser App - Add `getscreen.me`

---------

Co-authored-by: Nasreddine Bencherchali <[email protected]>

Author: Neo23x0

rules/windows/dns_query/dns_query_win_remote_access_software_domains_non_browsers.yml

@@ -23,7 +23,7 @@ references:
     - https://learn.microsoft.com/en-us/windows/client-management/client-tools/quick-assist#disable-quick-assist-within-your-organization
 author: frack113, Connor Martin
 date: 2022-07-11
-modified: 2024-09-13
+modified: 2024-12-17
 tags:
     - attack.command-and-control
     - attack.t1219
@@ -51,6 +51,7 @@ detection:
             - 'dwservice.net'
             - 'express.gotoassist.com'
             - 'getgo.com'
+            - 'getscreen.me'  # https://x.com/malmoeb/status/1868757130624614860?s=12&t=C0_T_re0wRP_NfKa27Xw9w
             - 'integratedchat.teamviewer.com'
             - 'join.zoho.com'
             - 'kickstart.jumpcloud.com'