diff --git a/CHANGELOG.md b/CHANGELOG.md
index d6cb55521..ee513bc6f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,7 +14,7 @@
 - Update Metadata type in capa main [#1411](https://github.com/mandiant/capa/issues/1411) [@Aayush-Goel-04](https://github.com/aayush-goel-04) @manasghandat
 - Python 3.8 is now the minimum supported Python version #1578 @williballenthin
 
-### New Rules (23)
+### New Rules (24)
 
 - load-code/shellcode/execute-shellcode-via-windows-callback-function ervin.ocampo@mandiant.com jakub.jozwiak@mandiant.com
 - nursery/execute-shellcode-via-indirect-call ronnie.salomonsen@mandiant.com
@@ -38,6 +38,7 @@
 - host-interaction/memory/create-new-application-domain-in-dotnet jakub.jozwiak@mandiant.com
 - host-interaction/gui/switch-active-desktop jakub.jozwiak@mandiant.com
 - host-interaction/service/query-service-configuration @mr-tz
+- anti-analysis/anti-av/patch-event-tracing-for-windows-function jakub.jozwiak@mandiant.com
 -
 
 ### Bug Fixes
diff --git a/README.md b/README.md
index 7f2542be6..6094a3b3f 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 
 [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/flare-capa)](https://pypi.org/project/flare-capa)
 [![Last release](https://img.shields.io/github/v/release/mandiant/capa)](https://github.com/mandiant/capa/releases)
-[![Number of rules](https://img.shields.io/badge/rules-811-blue.svg)](https://github.com/mandiant/capa-rules)
+[![Number of rules](https://img.shields.io/badge/rules-812-blue.svg)](https://github.com/mandiant/capa-rules)
 [![CI status](https://github.com/mandiant/capa/workflows/CI/badge.svg)](https://github.com/mandiant/capa/actions?query=workflow%3ACI+event%3Apush+branch%3Amaster)
 [![Downloads](https://img.shields.io/github/downloads/mandiant/capa/total)](https://github.com/mandiant/capa/releases)
 [![License](https://img.shields.io/badge/license-Apache--2.0-green.svg)](LICENSE.txt)
diff --git a/rules b/rules
index f934f44f7..ec223d1a1 160000
--- a/rules
+++ b/rules
@@ -1 +1 @@
-Subproject commit f934f44f71e8758f9c1a1680493ec86b387d88c9
+Subproject commit ec223d1a1468f1d18887191ddb2e28e0a4a8e8d2