Commonly Known Tools Used by Lazarus
2021-01-20 • JPCERT
JPCERT documented commonly available tools observed in Lazarus intrusions, emphasizing that the group supplements its own malware with legitimate, publicly available utilities once it has a foothold. For lateral movement and network discovery, the post names AdFind for Active Directory enumeration, SMBMap for locating accessible SMB shares, and Responder-Windows for LLMNR, NBT-NS, and WPAD spoofing. For credential and data theft, it highlights XenArmor password recovery tools and WinRAR for archiving collected files, while noting that Lazarus malware can also compress data with zlib. Additional tools such as TightVNC Viewer, ProcDump, tcpdump, and Wget-like download utilities for Windows show how dual-use software supports remote access, LSASS memory dumping, packet capture, and other post-compromise operations. Because these binaries are legitimate and widely used, their presence alone rarely triggers antivirus, so detection has to rely on context: which account ran the tool, from what path, and with what arguments.
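Since file signatures do not help against legitimate binaries, the practical detection is contextual: match process-creation telemetry on the tool's name and, more importantly, on how it was invoked (ProcDump pointed at lsass, rar creating a password-protected archive). The following is an added example, not code from the JPCERT post; the event records are constructed Sysmon Event ID 1 style records (Image, OriginalFileName, CommandLine, User), not real telemetry, and the command-line patterns are assumptions about typical invocations of each tool rather than observed Lazarus command lines.

```python
"""Flag dual-use tooling of the kind JPCERT attributes to Lazarus in
process-creation telemetry. Added example; event records and command-line
patterns are constructed/assumed, not taken from the JPCERT post."""
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str
    command_line: str
    user: str


# (rule name, binary-name pattern or None, command-line pattern or None).
# Binary names are the tools the JPCERT post lists; the command-line patterns
# are assumptions about typical invocations. Every rule sets at least one.
RULES = [
    ("adfind_ad_enumeration", r"^adfind(\.exe)?$", None),
    ("smbmap_share_enumeration", None, r"(?i)\bsmbmap\b"),
    ("responder_llmnr_nbtns_poisoning", None, r"(?i)\bresponder\b"),
    ("procdump_lsass_dump", r"^procdump(64)?(\.exe)?$", r"(?i)\blsass\b"),
    ("rar_archive_created", r"^(winrar|rar)(\.exe)?$", r"\sa\s"),        # 'rar a <archive> <files>'
    ("rar_archive_password_protected", r"^(winrar|rar)(\.exe)?$", r"\s-hp\S*"),  # header-encrypted
    ("tcpdump_packet_capture", r"^tcpdump(\.exe)?$", None),
    ("tightvnc_viewer_remote_access", r"^(tvnviewer|vncviewer)(\.exe)?$", None),
    ("wget_download", r"^wget(\.exe)?$", r"(?i)https?://"),
]


def _names(event: dict) -> list[str]:
    """Candidate binary names: the Image basename plus Sysmon's OriginalFileName
    (read from the PE version resource), so a renamed copy of a tool still
    matches on the name embedded in the file."""
    names = []
    image = event.get("Image", "")
    if image:
        names.append(image.replace("\\", "/").rsplit("/", 1)[-1].lower())
    orig = event.get("OriginalFileName", "")
    if orig:
        names.append(orig.lower())
    return names


def match_rules(event: dict) -> list[str]:
    """Return the names of all rules that fire for one process-creation event."""
    cmd = event.get("CommandLine", "")
    names = _names(event)
    hits = []
    for rule, name_re, cmd_re in RULES:
        name_ok = name_re is None or any(re.search(name_re, n) for n in names)
        cmd_ok = cmd_re is None or re.search(cmd_re, cmd) is not None
        if name_ok and cmd_ok:
            hits.append(rule)
    return hits


def scan(events: list[dict]) -> list[Finding]:
    """Run every rule over every event; one Finding per (event, rule) hit."""
    return [
        Finding(rule, ev.get("Image", ""), ev.get("CommandLine", ""), ev.get("User", ""))
        for ev in events
        for rule in match_rules(ev)
    ]


# Constructed sample events (not real telemetry). The third one is a renamed
# ProcDump, which only the OriginalFileName field catches.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\Public\AdFind.exe", "User": r"CORP\jdoe",
     "CommandLine": r'AdFind.exe -f "(objectcategory=computer)" name operatingsystem'},
    {"Image": r"C:\Users\Public\smbmap.exe", "User": r"CORP\jdoe",
     "CommandLine": r"smbmap.exe -H 10.10.20.5 -u jdoe -p Winter2021"},
    {"Image": r"C:\Windows\Temp\pd.exe", "OriginalFileName": "procdump",
     "User": r"NT AUTHORITY\SYSTEM",
     "CommandLine": r"pd.exe -accepteula -ma lsass.exe C:\Windows\Temp\l.dmp"},
    {"Image": r"C:\Program Files\WinRAR\Rar.exe", "User": r"CORP\jdoe",
     "CommandLine": r'"C:\Program Files\WinRAR\Rar.exe" a -hpWinter2021 -r C:\Users\Public\docs.rar C:\Users\jdoe\Documents'},
    {"Image": r"C:\Windows\System32\svchost.exe", "User": r"NT AUTHORITY\SYSTEM",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs -p"},
]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule:34} user={f.user:24} {f.command_line}")
```

Name-based matching is the weakest part of this: an attacker can rename the binary, and OriginalFileName can be patched out of the PE. In production the rules should additionally key on file hashes or signer, and the context fields (an archiver run from C:\Users\Public, a dump tool run as SYSTEM against lsass) should carry the severity, not the name match.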