Tracking Bitcoin address transactions related to North Korean ransomware (7)
2023-04-05 • Plainbit
https://blog.plainbit.co.kr/cisa-northkorea-ransomware-14hvkm7ft2rxdbftnkkrc3kgstmgp2a4hk/
Plainbit examines CISA-listed address 14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk, a high-risk Ryuk ransomware cluster address tagged with North Korea indicators in QLUE. The wallet received and sent 10 BTC across four transactions on 2018-09-14, with the initial 10 BTC arriving from Gemini in a pattern assessed as likely ransom payment activity. Follow-on tracing shows the funds split across multiple paths to services and exchanges including Discus Fish, Bittrex, Binance, LocalBitcoins, and Coinpayments, with some movement using peel-chain behavior to complicate tracing. A substantial amount also moved to 33bEYhASee8UhJrdprWS7orzZT2i8eNEug, which Plainbit assesses may belong to an unidentified exchange because of its high transaction volume.