The good people from Barracuda Labs were kind enough to share a PCAP file from the PHP.net compromise on their blog.
I decided to have a closer look at that PCAP file to see what can be extracted from it. Since the PCAP contains Windows malware, I played it safe and did all the analysis on a Linux machine with no Internet connectivity.
» Erik Hjelmvik | netresec.com