diff --git a/rules/windows/dns_query/dns_query_win_remote_access_software_domains_non_browsers.yml b/rules/windows/dns_query/dns_query_win_remote_access_software_domains_non_browsers.yml
index 0d00207ad..78e12bf5c 100644
--- a/rules/windows/dns_query/dns_query_win_remote_access_software_domains_non_browsers.yml
+++ b/rules/windows/dns_query/dns_query_win_remote_access_software_domains_non_browsers.yml
@@ -23,7 +23,7 @@ references:
 - https://learn.microsoft.com/en-us/windows/client-management/client-tools/quick-assist#disable-quick-assist-within-your-organization
 author: frack113, Connor Martin
 date: 2022-07-11
-modified: 2024-09-13
+modified: 2024-12-17
 tags:
 - attack.command-and-control
 - attack.t1219
@@ -51,6 +51,7 @@ detection:
 - 'dwservice.net'
 - 'express.gotoassist.com'
 - 'getgo.com'
+ - 'getscreen.me' # https://x.com/malmoeb/status/1868757130624614860?s=12&t=C0_T_re0wRP_NfKa27Xw9w
 - 'integratedchat.teamviewer.com'
 - 'join.zoho.com'
 - 'kickstart.jumpcloud.com'
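Review bot: The source for the new `getscreen.me` entry in the second hunk sits only in an inline comment, and the URL still carries the share-tracking query `?s=12&t=…`; YAML comments are dropped when the rule is parsed or converted, so the provenance will not reach an analyst triaging a hit. I would add `- https://x.com/malmoeb/status/1868757130624614860` to the `references:` list (visible in the first hunk) and either trim the inline comment to that clean URL or remove it. The domain list begins and ends outside this hunk and the field modifier is not visible; if it is a suffix match, the bare apex also matches unrelated names that merely end in `getscreen.me`, which is consistent with neighbours such as `getgo.com` but worth keeping in mind when tuning false positives.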