False Positive? Malware hit for Turkojan C&C

I got a hit that a device on my network (found to be my Dappnode Eth2 Prysm validator) was flagged for possible malware command and control activity. The payload matched the Turkojan C2 command “nxt” from a source port of 30303/TCP (obviously Eth2).

I'm fairly confident it's a false positive, but it's also highly suspicious and concerning, so I wanted to post here.

Thanks a lot @techiedj

Already having a look at it internally, just in case :wink: