Good article. Not much of the infosec world looks at these kinds of bottom-feeder attacks - they'd rather concentrate on fancy, high-powered or high-dollar attacks.
Also has great, modest explanations of the attacks, complete with references so you can decide for yourself if the author has correctly attributed which type of vulnerability the bottom-feeders are looking for.
Nice article. Quite often I've seen similar things in logs and wondered about the details, but most of those would be obvious WordPress exploit attempts (not hosting WordPress tho).
Makes one wonder how much time/energy/resources is spent on such botnets.
But many aren't. The author shows Shellshock code, and even retrieves a UPX-packed executable.
One could just as easily assume that the mere scans are aggregated and sold later. If your HTTP server gives back a file "aws.yml", the URL may just get sold. It's well known that cyber criminals work in an economy with division of labor, and specialize in particular skills.