Security experts collected further evidences of the link between the CosmicDuke, Miniduke and OnioDuke Advanced Persistent Threat campaigns. Experts at F-Secure have analyzed malicious documents uploaded to the Free Online Virus, Malware and URL Scanner service VirusTotal. The documents used for the cyber espionage campaign against the Ministry of Foreign Affairs in Europe reference the EU sanctions against Russia over the crisis in Ukraine, the attackers used social engineering tactics to trick users into enabling macros, a necessary step to allow the cosmicDuke infection.”]
Source: https://securityaffairs.co/wordpress/32071/cyber-warfare-2/miniduke-cosmicduke-onionduke.html