We get these reports, and as of yet I haven't found any to be false positives. I notify customers of a detected risk once, then leave it on them. However, we now have one that's reporting Mirai botnet drone detection. We notified the customer, it went away for like a week, and has resurfaced. He's got some ingenius gateway thing; looks like it's an IP camera/filesharing/GPS location tracking deal.
Before I shut this customer off, I just want to be able to verify this isn't a false positive. There are many scanners for this online, but they will only scan the IP that originates; we did send him a link. The tools for scanning appear to limit to local subnet only. Shadowserver's report isn't all that clear on whether it's simply detected a vulnerability or has detected a fingerprint of the infection. If it didn't specifically name the infection, I would assume the former.
