Abstract:
Analyzing the characteristics of scanning activities generated by compromised Internet-of-Things (IoT) devices is instrumental for early detection of IoT malware propagation. In this letter, we leverage about 3 TB of empirical passive network measurements to investigate IoT-generated scanning activities. Specifically, we exploit stochastic processes to model low-rate scans by incorporating the effect of random sampling and jitter on the observed packet Inter-Arrival Times (IAT). We verify the derived formulations using simulated results and empirically explore scans targeting common services (Telnet and HTTP) to demonstrate the effectiveness of our approach towards modeling low-rate scans while generating practical cyber threat intelligence.
Published in: IEEE Networking Letters (Volume: 2, Issue: 3, September 2020)