Rating:
Third flag and the first in IceID document was also fairly simple. In fact it was also in macro only ROT-13 encoded. If we guessed the ROT-13 part we could just use olevba + cyberchef for this. I was honestly expecting some a little bit harder ofuscation, and I also wanted to find a second flag as well (there should be 2 flags in this document), I opted to run and debug macro. From my experience always it's easier to let malware run and deobfuscate/decypt itself insted of staticly analysing it. Because macro was heavily castrated it initially didn't want to run
macro
But few tweaks later I managed to run it and correctly decrypt the flag
