The Command-and-Control part of the botnet would be whatever component they build to instruct it to attack; often using some dummy website they register and have the compromised clients poll for changes with instructions.

I think an increasing amount of them are state actors or groups offering the botnet as a service.