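# KubeArmor is an open source software that enables you to protect your cloud
# workload at run-time.
# To learn more about KubeArmor visit:
# https://www.accuknox.com/kubearmor/
#
# Purpose: stop the Kinsing crypto-mining payloads from executing in the
# selected pods, and record file access to the same artefacts.
#
# Scope caveat: every rule below matches an exact path. A payload written
# under a different name or directory is not covered, so treat this policy as
# one layer and pair it with broader controls (for example restricting
# execution from /tmp and /var/tmp, and patching the CVE listed in the tags).
---
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: ksp-mitre-kinsing-cryptomining-malware-block
  namespace: default  # Change your namespace
spec:
  # NOTE(review): this message is shared by both rules, but the file rule
  # below is Audit, not Block. Alerts raised by the file rule will therefore
  # say "Blocked" even though access was only logged - confirm whether a
  # separate message or a Block action is intended for that rule.
  message: "Incident! Kinsing crypto mining attack is Blocked"
  tags:
    - "MITRE"
    - "T1496"
    - "S0599"
    - "MALWARE"
    - "T1059.004"
    - "T1059"
    - "Crypto Mining"
    - "CVE-2020-7961"
  selector:
    matchLabels:
      app: frontend  # Change your matchLabels
  # Deny execution of the two listed binaries.
  process:
    severity: 1
    matchPaths:
      - path: /tmp/kdevtmpfsi
      - path: /var/tmp/kinsing
    action: Block
  # Log file access to the listed paths without denying it (Audit), so an
  # attempt to drop or read them stays visible in the alert stream.
  file:
    severity: 2
    matchPaths:
      - path: /tmp/kdevtmpfsi
      - path: /var/tmp/kinsing
      # NOTE(review): the role of /tmp/zzz is not documented in this policy;
      # confirm it is an expected Kinsing artefact for your environment.
      - path: /tmp/zzz
    action: Audit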