DCSO describes “Jupiter,” a previously little-documented PureBasic malware family it attributes to Andariel, a North Korean Lazarus subgroup. The malware has appeared sporadically since 2020, including an OSPREY-signed sample tied to an attempted attack on a German medical or pharmaceutical company and a sample later referenced in CISA’s H0lygh0st ransomware advisory. A fresh 2023 sample contained C2 configuration suggesting possible abuse of India’s National Institute of Virology web presence, although DCSO could not prove the server was actively compromised. Jupiter provides basic download and shell-command execution functions, with command output returned to C2, and the targeting context aligns with DPRK interest in healthcare and medical research during and after the COVID-19 pandemic.