Hi Matthias, thank you for the outputs. I don't see any config issue.
What's the configuration for DosProtect? Could you please share the output for "show configuration dosprotect" for both Core switches?
When you see this issue, are you connecting just the uplink to Core1 or both?
I would try to connect to both Core switches with only sharing configuration on the New_SW, without any vlan/IP configuration to the uplink ports. Also, you could try to connect to Core2 only and see the results.
I'm wondering if that could be just a burst and not a constant high traffic rate from the New_SW. If that's true, than you could try adding the New_SW port as a trusted_port to the Core switch using the following command:
"config dos-protect trusted-ports add-ports 3:4"
You can monitor the switch CPU with "top" command.