
Outbound Network Connection Initiated By Microsoft Dialer

Sigma Rules

Summary
This detection rule identifies instances where the Microsoft Dialer (dialer.exe) initiates an outbound network connection. The Microsoft Dialer is a legacy application included in various versions of Microsoft Windows, originally designed to let users manage phone calls through a modem. Given its outdated nature, the Microsoft Dialer is often abused by attackers for malicious purposes, including data exfiltration through process injection techniques and establishing command and control (C2) communications. One notable example of malware that exploits vulnerabilities related to this process is Rhadamanthys, a known info stealer.

Consequently, monitoring outbound network connections initiated by this utility is crucial for identifying potential security threats. The rule filters out legitimate traffic destined for local-range IP addresses, so that only connections to external destinations are surfaced for further investigation. This proactive detection approach helps organizations mitigate the risks associated with legacy software vulnerabilities.
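The logic the summary describes, as an added Python example that is not the published Sigma rule: it applies the same three conditions (the process image is dialer.exe, the process initiated the connection, and the destination lies outside the local ranges) to constructed Sysmon Event ID 3 records. The Sysmon field names and the exact list of excluded ranges are assumptions.

```python
import ipaddress
import json

# Constructed sample Sysmon Event ID 3 (network connection) records, serialised
# as JSON lines the way a log shipper would forward them. Not from the page.
SAMPLE_EVENTS = """\
{"EventID":3,"Image":"C:\\\\Windows\\\\System32\\\\dialer.exe","Initiated":"true","DestinationIp":"192.168.1.20","DestinationPort":445}
{"EventID":3,"Image":"C:\\\\Windows\\\\System32\\\\dialer.exe","Initiated":"true","DestinationIp":"203.0.113.45","DestinationPort":443}
{"EventID":3,"Image":"C:\\\\Windows\\\\System32\\\\dialer.exe","Initiated":"false","DestinationIp":"198.51.100.9","DestinationPort":8080}
{"EventID":3,"Image":"C:\\\\Program Files\\\\App\\\\updater.exe","Initiated":"true","DestinationIp":"198.51.100.9","DestinationPort":443}
{"EventID":3,"Image":"C:\\\\Windows\\\\System32\\\\dialer.exe","Initiated":"true","DestinationIp":"fe80::1","DestinationPort":80}
"""

# Assumed set of "local range" destinations the rule excludes. Listed explicitly
# rather than via ipaddress.is_private, which also treats TEST-NET (203.0.113/24
# etc.) as private and would hide the sample external destination above.
LOCAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "::1/128", "fe80::/10", "fc00::/7",                # IPv6 equivalents
)]

def is_local(ip: str) -> bool:
    """True if the address falls inside one of the excluded local ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False            # unparsable or missing value: do not silently exclude it
    return any(addr in net for net in LOCAL_RANGES)

def matches_rule(event: dict) -> bool:
    """dialer.exe initiating a connection to a non-local destination."""
    if event.get("EventID") != 3:
        return False
    if not event.get("Image", "").lower().endswith("\\dialer.exe"):
        return False
    if str(event.get("Initiated", "")).lower() != "true":
        return False
    return not is_local(event.get("DestinationIp", ""))

def find_alerts(jsonl: str) -> list:
    """Run the rule over JSON-lines input and return the matching events."""
    return [ev for line in jsonl.splitlines() if line.strip()
            for ev in [json.loads(line)] if matches_rule(ev)]

if __name__ == "__main__":
    for ev in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT dialer.exe -> {ev['DestinationIp']}:{ev['DestinationPort']}")
```

Only the second sample record fires: the first goes to a local range, the third was not initiated by dialer.exe, the fourth is a different process, and the fifth is link-local.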
Categories
  • Network
  • Endpoint
  • Windows
Data Sources
  • Network Traffic
  • Process
Created: 2024-04-26